Описание
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.3 (исключая)
cpe:2.3:a:popozure:pz-linkcard:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 22%
0.0007
Низкий
5.1 Medium
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 5.1
github
почти 2 года назад
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
EPSS
Процентиль: 22%
0.0007
Низкий
5.1 Medium
CVSS3
Дефекты
CWE-918