Share
## https://sploitus.com/exploit?id=WPEX-ID:D80E725D-356A-4997-A352-33565E291FC8
Put the following payload in the "Class ID to be Added (for PC)" setting of the plugin (/wp-admin/options-general.php?page=pz-linkcard-settings > Advanced): " onmouseover=alert(/XSS/)//

Then open page/post containing a blogcard shortcode (such as [blogcard url="aaa"]) and move the mouse over the generated card to trigger the XSS