Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.6 views

CVE-2024-1956

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.00499EPSS
Exploits2References1
NVD
NVD
added 2024/04/08 5:15 a.m.21 views

CVE-2024-1956

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...

6.1CVSS6AI score0.00499EPSS
Exploits2References1
CVE
CVE
added 2024/04/08 5:0 a.m.91 views

CVE-2024-1956

CVE-2024-1956 affects the WordPress plugin WPB Show Core prior to version 2.7. The vulnerability is a reflected XSS caused by insufficient sanitization/escaping of parameters in responses to unauthenticated requests. Multiple sources (Red Hat, CVE lists, Patchstack, WPVulndb) confirm the issue an...

6.1CVSS6.2AI score0.00499EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/08 5:0 a.m.27 views

CVE-2024-1956 WPB Show Core < 2.7 - Reflected XSS

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...

6.3AI score0.00499EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/08 5:0 a.m.28 views

CVE-2024-1956 WPB Show Core < 2.7 - Reflected XSS

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting...

6.1AI score0.00499EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/04/08 12:0 a.m.12 views

WordPress WPB Show Core Plugin < 2.7 is vulnerable to Cross Site Scripting (XSS)

Software WPB Show Core Type Plugin Vulnerable versions 2.7 Fixed in 2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1956 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID bfdeecd15ddf Credits Bob Matyas Required privilege...

5.8AI score0.00499EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder