Lucene search
K
Wpb Show Core ProjectWpb Show Core

6 matches found

CVE
CVE
added 2024/04/08 5:0 a.m.94 views

CVE-2024-1958

CVE-2024-1958 affects the WPB Show Core WordPress plugin prior to version 2.7, where a parameter is not sanitised/escaped before being output on the page, causing a Reflected XSS vulnerability. Patch/upgrade to WPB Show Core 2.7 or later to remediat​e; the vulnerability is triggered via output re...

4.8CVSS6.2AI score0.00458EPSS
CVE
CVE
added 2024/04/08 5:0 a.m.89 views

CVE-2024-1956

CVE-2024-1956 affects the WordPress plugin WPB Show Core prior to version 2.7. The vulnerability is a reflected XSS caused by insufficient sanitization/escaping of parameters in responses to unauthenticated requests. Multiple sources (Red Hat, CVE lists, Patchstack, WPVulndb) confirm the issue an...

6.1CVSS6.2AI score0.00499EPSS
CVE
CVE
added 2023/11/27 4:22 p.m.84 views

CVE-2023-5974

The CVE-2023-5974 issue affects the WordPress plugin WPB Show Core up to version 2.2. The vulnerability is a Server-Side Request Forgery (SSRF) in download-file.php via the path parameter, allowing unauthenticated attackers to induce the server to request arbitrary URLs. Exploitation details in c...

9.8CVSS9.6AI score0.0315EPSS
CVE
CVE
added 2024/04/08 5:0 a.m.82 views

CVE-2024-1292

CVE-2024-1292 affects the WPB Show Core WordPress plugin prior to 2.7. The issue is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of parameters before they are output in the page, potentially exploitable against high-privilege users (e.g., admins). Public sources i...

4.7CVSS4.5AI score0.00499EPSS
CVE
CVE
added 2022/11/14 12:0 a.m.80 views

CVE-2022-3484

The CVE-2022-3484 entry relates to the WordPress WPB Show Core plugin, where a parameter is not sanitized/escaped before being echoed in the page, causing a Reflected Cross-Site Scripting vulnerability. Affected component: WPB Show Core WordPress plugin (specific version range not consistently sp...

6.1CVSS6.2AI score0.00902EPSS
CVE
CVE
added 2023/11/27 4:22 p.m.48 views

CVE-2023-4922

Summary of CVE-2023-4922 : The WPB Show Core WordPress plugin (versions up to and including 2.2) is vulnerable to an unauthenticated local file inclusion via the path parameter. The attack surface centers on a local file inclusion in the plugin, exemplified by PoCs targeting files such as /etc/re...

9.8CVSS9.2AI score0.1567EPSS