wpvulndb / Dmitrii Ignatyev
WPVDB-ID: 0F7757C9-69FA-49DB-90B0-40F0FF29BEE7
History: Mar 07, 2024 - 12:00 a.m.

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

2024-03-07 00:00:00
Dmitrii Ignatyev
wpscan.com
5
Tags: pz-linkcard, contributor, ssrf, plugin, arbitrary hosts, shortcodes, high privilege users

AI Score: 9.2 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.0%)

Description

The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

PoC

Set up a listener on a localhost/LAN host (such as nc -l 127.0.0.1 9000), then, as a contributor, put the following shortcode in a post and save it as a draft: [blogcard url="http://127.0.0.1:9000"]. Notice that the internal server (localhost:9000) received the request when the draft was saved.
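The weakness described above is a shortcode handler that fetches whatever URL the post author supplies, with no check on where that URL points. The following is an added example, not Pz-LinkCard's code: a hypothetical shortcode (`example_linkcard`, with helper `example_is_public_http_url`) shown in its weak form and in a hardened form that refuses loopback, private, link-local and reserved targets before any server-side request is made, and then uses WordPress's own `wp_safe_remote_get()` (which applies `wp_http_validate_url()`) rather than plain `wp_remote_get()`.

```php
<?php
// Added example (not the plugin's code). Assumes a WordPress runtime;
// all function names prefixed "example_" are hypothetical.

// WEAK: the attribute value is fetched server-side unchanged, so a contributor
// saving a draft can make the server reach localhost or LAN hosts.
function example_linkcard_weak( $atts ) {
    $atts     = shortcode_atts( array( 'url' => '' ), $atts, 'example_linkcard' );
    $response = wp_remote_get( $atts['url'] ); // no scheme or host validation
    return is_wp_error( $response ) ? '' : esc_html( wp_remote_retrieve_body( $response ) );
}

// Returns true only for http(s) URLs whose host resolves to a public address.
function example_is_public_http_url( $url ) {
    $parts = wp_parse_url( $url );
    if ( empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return false;
    }
    if ( ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return false; // blocks file://, gopher://, etc.
    }
    $host = $parts['host'];
    if ( filter_var( $host, FILTER_VALIDATE_IP ) ) {
        $ip = $host;
    } else {
        // Resolve so a DNS name pointing at 127.0.0.1 or 10.x is caught too.
        // gethostbyname() returns the input unchanged when resolution fails
        // and only handles IPv4; wp_safe_remote_get() repeats the check later.
        $ip = gethostbyname( $host );
        if ( $ip === $host ) {
            return false;
        }
    }
    // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16;
    // NO_RES_RANGE rejects 127/8, 0/8, 169.254/16, 240/4 and IPv6 equivalents.
    return (bool) filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
}

// HARDENED: validate first, then fetch with the "safe" API and no redirects,
// so a public URL cannot bounce the request to an internal host.
function example_linkcard_hardened( $atts ) {
    $atts = shortcode_atts( array( 'url' => '' ), $atts, 'example_linkcard' );
    $url  = esc_url_raw( $atts['url'], array( 'http', 'https' ) );
    if ( '' === $url || ! example_is_public_http_url( $url ) ) {
        return ''; // refuse malformed or internal targets
    }
    $response = wp_safe_remote_get( $url, array( 'timeout' => 5, 'redirection' => 0 ) );
    if ( is_wp_error( $response ) ) {
        return '';
    }
    return esc_html( wp_remote_retrieve_body( $response ) );
}

add_shortcode( 'example_linkcard', 'example_linkcard_hardened' );
```

With the hardened handler, the PoC shortcode `[blogcard url="http://127.0.0.1:9000"]` is rejected at `example_is_public_http_url()` and the listener on port 9000 never sees a connection. Disabling redirects matters because the initial URL can be public while a 302 sends the request inward; `wp_safe_remote_get()` also re-validates each hop, so the two checks back each other up. Where the card feature is only needed by trusted editors, gating the handler with `current_user_can()` is a further defense, but the URL check is what removes the SSRF itself.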

CPE Name: pz-linkcard
Operator: eq
Version: 2.5.3
