wpvulndb | Bob Matyas | WPVDB-ID:D7034AC2-0098-48D2-9BA9-87E09B178F7D
History: Mar 18, 2024 - 12:00 a.m.

WPB Show Core < 2.7 - Reflected XSS

2024-03-18 00:00:00
Bob Matyas
wpscan.com
6
wordpress
plugin
xss
security
vulnerability

AI Score: 6.3 (Confidence: High)

EPSS: 0 (Percentile: 9.0%)

Description

The plugin does not sanitise and escape parameters before outputting them back in the response to an unauthenticated request, leading to Reflected Cross-Site Scripting.

PoC

Open an HTML file containing the following:

CPE   Name   Operator   Version
-     -      eq         2.7
