CVE-2025-8594

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
3.8LOW
EPSS
0.0%
top 91.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Unknown Pz-linkcard
Timeline
PublishedOct 14

Description

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages1 packages

CVEListV5unknown/pz-linkcard< 2.5.7

🔴Vulnerability Details

2
GHSA
GHSA-2m7w-32cj-4pj7: The Pz-LinkCard WordPress plugin before 22025-10-14
CVEList
Pz-LinkCard < 2.5.7 - Contributor+ SSRF2025-10-14
CVE-2025-8594 (LOW CVSS 3.8) | The Pz-LinkCard WordPress plugin be | cvebase.io