CVE-2022-3484
published 2022-11-14CVE-2022-3484: The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
PriorityP333medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
0.90%
55.2th percentile
The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
WordPress WPB Show Core - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-3484 [MEDIUM] WordPress WPB Show Core - Cross-Site Scripting
WordPress WPB Show Core - Cross-Site Scripting
WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Template:
id: CVE-2022-3484
info:
name: WordPress WPB Show Core - Cross-Site Scripting
author: theamanrawat
severity: medium
description: |
WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arb
2022-11-14
Published