Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-3484

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

3.5%

top 12.34%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Unknown Wpb-show-core

Timeline

PublishedNov 14

Description

The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5unknown/wpb-show-coreTODO — TODO

🔴Vulnerability Details

GHSA

GHSA-7jh3-h852-qg8m: The WPB Show Core WordPress plugin through TODO does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected↗2022-11-14

▶

CVEList

WPB Show Core - Reflected Cross-Site Scripting↗2022-11-14

▶

💥Exploits & PoCs

Nuclei

WordPress WPB Show Core - Cross-Site Scripting

▶