cleantalk
Vulnerabilities and Security Researches

Pz-LinkCard, CVE-2024-0677

CVE, Research URL

CVE-2024-0677

Home page URL

Security reports for Pz-LinkCard

Application

Pz-LinkCard

Published on
Mar 28, 2024
Research Description
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
Affected versions
max 2.5.3.
Status
vulnerable
Previous vulnerability researches
Pz-LinkCard (CVE-2025-8594) , Nov 10, 2025
Pz-LinkCard (CVE-2024-0672) , Jun 07, 2024
Pz-LinkCard (CVE-2021-25012) , Jun 07, 2024
Pz-LinkCard (CVE-2024-0673) , Jun 07, 2024
Pz-LinkCard (CVE-2023-47790) , Jun 07, 2024
New vulnerability
Post Connector (CVE-2025-52741) , Nov 11, 2025
Flights & Hotels Booking WP Plugin (CVE-2025-62916) , Nov 11, 2025
Headline Analyzer (CVE-2025-62974) , Nov 11, 2025
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider (CVE-2025-11373) , Nov 11, 2025
Thumbnail Slider With Lightbox (CVE-2015-10146) , Nov 11, 2025