CVE-2024-0677

Name of the Vulnerable Software and Affected Versions Pz-LinkCard WordPress plugin versions 2.5.1 and earlier

Description The issue allows high privilege users, such as contributors, to perform Server-Side Request Forgery (SSRF) attacks by pinging arbitrary hosts via some of the plugin's shortcodes. This could jeopardize website integrity. SSRF attacks involve tricking a server into making requests to arbitrary hosts, potentially leading to unauthorized access or data exposure.

Recommendations For Pz-LinkCard WordPress plugin versions 2.5.1 and earlier, consider disabling the shortcodes that allow pinging arbitrary hosts until a patch is available. Restrict access to these shortcodes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.