Threat Entry Updated 2025-10-14

CVE-2025-8594 - Pz Linkcard Plugin

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack.

PLUGIN Pz Linkcard

CVE-2025-8594

LOW CVSS 3.8 2025-10-14

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-04-01

CVE-2024-0672 - Pz Linkcard Plugin

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Pz Linkcard

CVE-2024-0672

HIGH CVSS 7.1 2024-03-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-04-01

CVE-2024-0673 - Pz Linkcard Plugin

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Pz Linkcard

CVE-2024-0673

MEDIUM CVSS 6.1 2024-03-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-04-01

CVE-2024-0677 - Pz Linkcard Plugin

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

PLUGIN Pz Linkcard

CVE-2024-0677

MEDIUM CVSS 5.1 2024-03-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-25012 - Pz Linkcard Plugin

The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues

PLUGIN Pz Linkcard

CVE-2021-25012

MEDIUM CVSS 6.1 2022-03-28

Risk Score

Open Full Technical Breakdown