WordPress WPB Show Core - Cross-Site Scripting

WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery

The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery SSRF via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2023-5974 info: nam...

WordPress WPB Show Core plugin < 2.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WPB Show Core versions 2.7...

CVE-2024-1292

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress WPB Show Core plugin < 2.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WPB Show Core versions 2.7...

WordPress WPB Show Core plugin < 2.6 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Aly Khaled Aly Abd Al-aal in WordPress Plugin WPB Show Core versions 2.6...

CVE-2024-1292

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-1958

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...

CVE-2024-1956

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...

CVE-2024-1956 WPB Show Core < 2.7 - Reflected XSS

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...

CVE-2024-1292 WPB Show Core < 2.6 - Reflected XSS

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-1292 WPB Show Core < 2.6 - Reflected XSS

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress WPB Show Core Plugin < 2.6 is vulnerable to Cross Site Scripting (XSS)

Software WPB Show Core Type Plugin Vulnerable versions 2.6 Fixed in 2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1292 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 72f013071970 Credits Aly Khaled Aly Abd Al-aal Requir...

WordPress Plugin WPB Show Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. The WordPress Plugin WPB Sh...

WordPress WPB Show Core Plugin < 2.7 is vulnerable to Cross Site Scripting (XSS)

Software WPB Show Core Type Plugin Vulnerable versions 2.7 Fixed in 2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1956 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID bfdeecd15ddf Credits Bob Matyas Required privilege...

WordPress Plugin WPB Show Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. The WordPress Plugin WPB Sh...

PT-2024-17794 · WordPress · Wpb Show Core

Name of the Vulnerable Software and Affected Versions: WPB Show Core WordPress plugin versions prior to 2.7 Description: The issue is related to a Reflected Cross-Site Scripting problem, where some parameters are not properly sanitised and escaped before being outputted back in the page. This cou...

WPB Show Core < 2.7 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users PoC...

WPB Show Core < 2.6 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-5974

The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery SSRF via the path parameter...