Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.8 views

CVE-2024-1292

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS6AI score0.00499EPSS
Exploits2References1
OSV
OSV
added 2024/04/08 5:15 a.m.4 views

CVE-2024-1292

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS5.8AI score0.00499EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/08 5:0 a.m.14 views

CVE-2024-1292 WPB Show Core < 2.6 - Reflected XSS

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00499EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/08 5:0 a.m.29 views

CVE-2024-1292 WPB Show Core < 2.6 - Reflected XSS

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.9AI score0.00499EPSS
Exploits2References1
CVE
CVE
added 2024/04/08 5:0 a.m.85 views

CVE-2024-1292

CVE-2024-1292 affects the WPB Show Core WordPress plugin prior to 2.7. The issue is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of parameters before they are output in the page, potentially exploitable against high-privilege users (e.g., admins). Public sources i...

4.7CVSS4.5AI score0.00499EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/04/08 12:0 a.m.14 views

WordPress WPB Show Core Plugin < 2.6 is vulnerable to Cross Site Scripting (XSS)

Software WPB Show Core Type Plugin Vulnerable versions 2.6 Fixed in 2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1292 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 72f013071970 Credits Aly Khaled Aly Abd Al-aal Requir...

4.7CVSS5.8AI score0.00499EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder