The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
6.1CVSS
6.2AI Score
0.001EPSS
The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the path parameter.
9.8CVSS
9AI Score
0.001EPSS
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the path parameter.
9.8CVSS
9.4AI Score
0.001EPSS
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
6AI Score
0.0004EPSS
The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting
6.2AI Score
0.0004EPSS
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
6.2AI Score
0.0004EPSS