CVE-2023-5974
Published 2023-11-27
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
Priority: P2 59, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.15% (86.3th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpb_show_core_project | wpb_show_core | <= 2.2 | — |
Detection & IOCs
- Detect exploitation attempts by monitoring HTTP GET requests to /wp-content/plugins/wpb-show-core/download-file.php with a non-empty `path` query parameter containing an external URL (http:// or https://).
- The vulnerability is unauthenticated: no session cookie or authentication header is required. Flag any unauthenticated request to download-file.php with an external `path` value.
- Fingerprint vulnerable WordPress installations by searching for the string 'wp-content/plugins/wpb-show-core/' in HTTP response bodies.
- Confirm active exploitation by correlating outbound HTTP requests originating from the web server process following a request to download-file.php, consistent with SSRF callback detection (e.g., interactsh/OOB).
- The Nuclei template uses a two-step flow: first confirm the plugin is present (body contains 'wpb-show-core'), then trigger the SSRF. Detection logic should similarly gate on plugin presence to reduce false positives.
- Affected versions are 2.2 and below; the vulnerability is present in all releases through 2.2 with no patched version publicly referenced in the sources.
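The first detection note above, turned into a log check. This is an added example, not part of the Nuclei template or any vendor rule; it assumes web server access logs in Combined Log Format, and the function names, sample lines and `callback.example` host are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter named in the detection notes above.
ENDPOINT = "/wp-content/plugins/wpb-show-core/download-file.php"
EXTERNAL = re.compile(r"^\s*https?://", re.IGNORECASE)
# Assumed format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def check_line(line):
    """Return a finding dict if the request matches the SSRF pattern, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    raw_path, _, query = m["target"].partition("?")
    # Decode percent-escapes and collapse repeated slashes before comparing.
    path = re.sub(r"/+", "/", unquote(raw_path)).lower()
    if not path.endswith(ENDPOINT):  # endswith also covers subdirectory installs
        return None
    for value in parse_qs(query, keep_blank_values=True).get("path", []):
        # parse_qs decodes once; decode again to catch double-encoded values.
        for candidate in (value, unquote(value)):
            if EXTERNAL.match(candidate):
                return {"ip": m["ip"], "method": m["method"],
                        "status": int(m["status"]), "path_param": candidate}
    return None

def scan(lines):
    """Return findings for every log line that matches."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample lines (documentation IP ranges, placeholder callback host).
P = "/wp-content/plugins/wpb-show-core/download-file.php"
T = "[27/Nov/2023:10:00:0%d +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T % 1} "GET {P}?path=http://callback.example/x HTTP/1.1" 200 512',
    f'198.51.100.23 - - {T % 2} "GET /blog{P}?path=https%3A%2F%2Fcallback.example%2Fx HTTP/1.1" 200 512',
    f'192.0.2.10 - - {T % 3} "GET {P}?path=uploads/report.pdf HTTP/1.1" 200 9001',
    f'192.0.2.11 - - {T % 4} "GET /index.php?path=http://callback.example/ HTTP/1.1" 404 0',
    f'203.0.113.9 - - {T % 5} "GET {P}?path=http%253A%252F%252Fcallback.example%252Fx HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An access log cannot show whether a request carried a session, so pair hits from this check with the outbound-request correlation described in the notes above.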
No detection rules found.
Nuclei
WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
nuclei·CVSS 9.8
The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery (SSRF) via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs.
Template:
```yaml
id: CVE-2023-5974

info:
  name: WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
  author: ritikchaddha
  severity: critical
  description: |
    The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery (SSRF) via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs.
  impact: |
    Unauthenticated attackers
```
Bugzilla
CVE-2023-39321 golang: crypto/tls: panic when processing post-handshake message on QUIC connections
bugzilla·2023-09-06·CVSS 7.5
Processing an incomplete post-handshake message for a QUIC connection caused a panic.
Discussion:
Created golang tracking bugs for this issue:
Affects: epel-all [bug 2238808]
Affects: fedora-all [bug 2238809]
---
This issue has been addressed in the following products:
NETWORK-OBSERVABILITY-1.4.0-RHEL-9
Via RHSA-2023:5974 https://access.redhat.com/errata/RHSA-2023:5974
---
This issue has been addressed in the following products:
Cryostat 2 on RHEL 8
Via RHSA-2023:6031 https://access.redhat.com/errata/RHSA-2023:6031
---
This issue has been addressed in the following products:
Red Hat Openshift distributed tracing 2.9
Via RHSA-2023:6085 https://access.redhat.com/errata/RHSA-202
Bugzilla
CVE-2023-39319 golang: html/template: improper handling of special tags within script contexts
bugzilla·2023-09-06·CVSS 6.1
The html/template package did not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
Discussion:
Created golang tracking bugs for this issue:
Affects: epel-all [bug 2238802]
Affects: fedora-all [bug 2238803]
---
This issue has been addressed in the following products:
NETWORK-OBSERVABILITY-1.4.0-RHEL-9
Via RHSA-2023:5974 https://access.redhat.com/errata/RHSA-2023:5974
---
This issue has been addressed in the following products:
Red Hat Openshift distributed tracing 2.9
Via RHSA-2023:608