6 matches found
CVE-2024-1958
CVE-2024-1958 affects the WPB Show Core WordPress plugin prior to version 2.7, where a parameter is not sanitised/escaped before being output on the page, causing a Reflected XSS vulnerability. Patch/upgrade to WPB Show Core 2.7 or later to remediate; the vulnerability is triggered via output re...
CVE-2024-1956
CVE-2024-1956 affects the WordPress plugin WPB Show Core prior to version 2.7. The vulnerability is a reflected XSS caused by insufficient sanitization/escaping of parameters in responses to unauthenticated requests. Multiple sources (Red Hat, CVE lists, Patchstack, WPVulndb) confirm the issue an...
CVE-2023-5974
The CVE-2023-5974 issue affects the WordPress plugin WPB Show Core up to version 2.2. The vulnerability is a Server-Side Request Forgery (SSRF) in download-file.php via the path parameter, allowing unauthenticated attackers to induce the server to request arbitrary URLs. Exploitation details in c...
CVE-2024-1292
CVE-2024-1292 affects the WPB Show Core WordPress plugin prior to 2.7. The issue is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of parameters before they are output in the page, potentially exploitable against high-privilege users (e.g., admins). Public sources i...
CVE-2022-3484
The CVE-2022-3484 entry relates to the WordPress WPB Show Core plugin, where a parameter is not sanitized/escaped before being echoed in the page, causing a Reflected Cross-Site Scripting vulnerability. Affected component: WPB Show Core WordPress plugin (specific version range not consistently sp...
CVE-2023-4922
Summary of CVE-2023-4922 : The WPB Show Core WordPress plugin (versions up to and including 2.2) is vulnerable to an unauthenticated local file inclusion via the path parameter. The attack surface centers on a local file inclusion in the plugin, exemplified by PoCs targeting files such as /etc/re...