CVE-2024-0672
📋 TL;DR
The Pz-LinkCard WordPress plugin through version 2.5.1 contains a reflected cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via unsanitized parameters, which execute when viewed by administrators or other high-privilege users. This affects all WordPress sites using vulnerable versions of the plugin.
💻 Affected Systems
- Pz-LinkCard WordPress Plugin
📦 What is this software?
Pz Linkcard by Popozure
⚠️ Risk & Real-World Impact
Worst Case
An attacker could steal administrator session cookies, perform actions as the administrator (like installing backdoors, creating new admin accounts), or redirect users to malicious sites.
Likely Case
Attackers would typically steal session cookies to gain administrative access, then maintain persistence or deploy additional malware.
If Mitigated
With proper web application firewalls and input validation, the attack would be blocked before reaching vulnerable code.
🎯 Exploit Status
Exploitation requires luring an authenticated user, ideally an administrator, into opening a crafted link. The vulnerability is well-documented in public sources.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.2 or later
Vendor Advisory: https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Pz-LinkCard and update to version 2.5.2 or later.
4. If no update is available, deactivate and delete the plugin.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rule
Configure the WAF to block XSS payloads in query parameters targeting the vulnerable endpoint.
Depends on specific WAF (e.g., ModSecurity, Cloudflare, AWS WAF)
Disable Plugin
Temporarily deactivate the Pz-LinkCard plugin until patched.
wp plugin deactivate pz-linkcard
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to mitigate XSS impact.
- Restrict admin panel access to trusted IP addresses only.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Pz-LinkCard version 2.5.1 or earlier.
Check Version:
wp plugin list --name=pz-linkcard --field=version
Verify Fix Applied:
Confirm plugin version is 2.5.2 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual GET/POST requests with script tags or JavaScript in query parameters to plugin endpoints.
- Multiple failed login attempts followed by successful admin login from new IP.
Network Indicators:
- HTTP requests containing <script> tags or JavaScript in URL parameters targeting /wp-content/plugins/pz-linkcard/
SIEM Query:
source="web_access_logs" AND (uri="/wp-content/plugins/pz-linkcard/*" AND (query="*<script>*" OR query="*javascript:*"))
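As an added example (not from the advisory, WPScan or the plugin's authors), the log indicator above implemented over constructed access-log lines. It URL-decodes the query string before matching, because a literal `*<script>*` search misses the percent-encoded form most requests actually carry; the parameter name `q`, the IP addresses and the log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-content/plugins/pz-linkcard/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /wp-content/plugins/pz-linkcard/?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.8 - - [10/Jan/2024:10:00:03 +0000] "GET /wp-content/plugins/pz-linkcard/?q=javascript%3Aalert(1) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:10:00:04 +0000] "GET /wp-content/plugins/other/?q=%3Cscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Only requests under the plugin's own path are of interest for this CVE.
PLUGIN_PATH = "/wp-content/plugins/pz-linkcard/"

# The two markers named in the page's SIEM query; extend as your WAF/SIEM rules do.
XSS_MARKERS = ("<script", "javascript:")


def find_xss_attempts(log_text):
    """Return (ip, request_target) for requests to the plugin path whose
    decoded query string carries an XSS marker. Lines that do not parse
    are skipped rather than raising."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.startswith(PLUGIN_PATH):
            continue
        # Decode twice: double-encoded payloads otherwise slip past a
        # single-pass literal match on "<script>".
        decoded = unquote_plus(unquote_plus(parts.query)).lower()
        if any(marker in decoded for marker in XSS_MARKERS):
            hits.append((m.group("ip"), m.group("target")))
    return hits


if __name__ == "__main__":
    for ip, target in find_xss_attempts(SAMPLE_LOG):
        print(f"possible XSS attempt from {ip}: {target}")
```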