VYPR

WPB Show Core

by WordPress

CVEs (6)

  • CVE-2023-4922CriNov 27, 2023
    risk 0.65cvss 9.8epss 0.16

    The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.

  • CVE-2023-5974CriNov 27, 2023
    risk 0.64cvss 9.8epss 0.03

    The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.

  • CVE-2024-1956MedApr 8, 2024
    risk 0.40cvss 6.1epss 0.01

    The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting

  • CVE-2022-3484MedNov 14, 2022
    risk 0.40cvss 6.1epss 0.01

    The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

  • CVE-2024-1958MedApr 8, 2024
    risk 0.31cvss 4.8epss 0.00

    The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users

  • CVE-2024-1292MedApr 8, 2024
    risk 0.31cvss 4.7epss 0.01

    The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin