CVE-2024-1956 WPB Show Core < 2.7 - Reflected XSS

2024-04-0805:00:02

WPScan

www.cve.org

cve-2024-1956

wordpress

plugin

sanitization

unauthenticated request

xss

AI Score

6.1

Confidence

High

EPSS

Percentile

9.0%

JSON

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "wpb-show-core",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/d7034ac2-0098-48d2-9ba9-87e09b178f7d/