CVE-2026-2434

Name of the Vulnerable Software and Affected Versions Pz-LinkCard versions prior to 2.5.8.2

Description The Pz-LinkCard plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occurs due to insufficient input sanitization and output escaping within the attributes of the 'blogcard' shortcode. These scripts execute whenever a user visits the affected page.

Recommendations Update to a version newer than 2.5.8.1.