CVE-2021-25012: 
WordPress vulnerability analysis and mitigation

CVE-2021-25012 is a security vulnerability affecting the Pz-LinkCard WordPress plugin versions through 2.4.4.4. The vulnerability was discovered by Krzysztof Zając and was publicly disclosed on March 1, 2022. This security issue affects the WordPress plugin's admin dashboard functionality (WPScan).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability received a CVSS v3.1 base score of 6.1 (Medium), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The technical issue stems from the plugin's failure to properly sanitize and escape multiple parameters before outputting them back in admin dashboard pages (NVD).

The vulnerability allows attackers to execute cross-site scripting attacks through the admin dashboard pages. This could potentially lead to the compromise of sensitive information and unauthorized actions performed in the context of the authenticated user's session (WPScan).

The vulnerability has been fixed in version 2.4.5.3 of the Pz-LinkCard plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).