CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47790 – WordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47790
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions. Cross-Site Request Forgery (CSRF) conduce a una vulnerabilidad de Cross-Site Scripting (XSS) en el complemento Poporon Pz-LinkCard en versiones <= 2.4.8. The Pz-LinkCard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the page_cacheman function. This makes it possible for unauthenticated attackers to manage the plugin's caching functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/pz-linkcard/wordpress-pz-linkcard-plugin-2-4-8-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25012 – Pz-LinkCard <= 2.4.4.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25012
The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues El plugin Pz-LinkCard de WordPress versiones hasta 2.4.4.4, no sanea y escapa de múltiples parámetros antes de devolverlos en las páginas del panel de control del administrador, conllevando a problemas de tipo Cross-Site Scripting Reflejado The Pz-LinkCard plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wpscan.com/vulnerability/b126d2fc-6cc7-4c18-b95e-d32c2effcc4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •