CVE-2023-5974
published 2023-11-27

CVE-2023-5974: The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.

Priority: P2 (59) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public PoC referenced (Nuclei template)
EPSS: 3.15% (86.3rd percentile)

Affected (1 range)

Vendor                 Product         Version range   Fixed in
wpb_show_core_project  wpb_show_core   <= 2.2          none referenced in the sources

Detection & IOCs (extracted from sources)

path:     /wp-content/plugins/wpb-show-core/download-file.php
filename: download-file.php
other:    body="wp-content/plugins/wpb-show-core/"
  • Detect exploitation attempts by monitoring HTTP GET requests to /wp-content/plugins/wpb-show-core/download-file.php whose `path` query parameter is non-empty and carries an absolute URL (http:// or https://). Do not limit the rule to external hosts: an SSRF is most useful to an attacker for reaching loopback, RFC 1918 and link-local targets (for example a cloud metadata endpoint), so flag those values as well.
  • The vulnerability is unauthenticated: no session cookie or authentication header is required. Flag any unauthenticated request to download-file.php with an external `path` value.
  • Fingerprint installations with the plugin by searching for the string 'wp-content/plugins/wpb-show-core/' in HTTP response bodies. This confirms only that the plugin is installed, not which version.
  • Confirm active exploitation by correlating outbound HTTP requests from the web server process with a preceding request to download-file.php, the usual SSRF callback pattern (e.g. interactsh/OOB).
  • The Nuclei template uses a two-step flow: first confirm the plugin is present (body contains 'wpb-show-core'), then trigger the SSRF. Detection logic should gate on plugin presence in the same way to reduce false positives.
  • Affected versions are 2.2 and below; the vulnerability is present in all releases through 2.2, and no patched version is publicly referenced in the sources.
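The detection notes above as a small, runnable rule. This is an added example written for this page; it is not code from the CVE sources, the Nuclei template or the plugin. It assumes access logs in the common "combined" format, and the log lines, hostnames and function names (`plugin_present`, `detect_ssrf_attempts`, `classify_path_value`) are constructed for illustration. It goes slightly beyond the text by classifying `path` values that point at loopback, private or link-local addresses as "internal" rather than ignoring them, and by tagging findings with low confidence when the plugin fingerprint has not been confirmed.

```python
import ipaddress
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined log format). Not from any real server.
SAMPLE_LOG = """\
203.0.113.10 - - [27/Nov/2023:10:01:02 +0000] "GET /wp-content/plugins/wpb-show-core/download-file.php?path=http%3A%2F%2Fattacker.example%2Fx HTTP/1.1" 200 512 "-" "curl/8.4.0"
203.0.113.10 - - [27/Nov/2023:10:01:05 +0000] "GET /wp-content/plugins/wpb-show-core/download-file.php?path=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 1024 "-" "curl/8.4.0"
198.51.100.7 - - [27/Nov/2023:10:02:00 +0000] "GET /wp-content/plugins/wpb-show-core/download-file.php?path=reports/q3.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.8 - - [27/Nov/2023:10:03:00 +0000] "GET /index.php?p=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Request line and status code of a combined-format access log entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# IOCs from the advisory: the vulnerable endpoint and the fingerprint string.
VULN_PATH = "/wp-content/plugins/wpb-show-core/download-file.php"
PLUGIN_MARKER = "wp-content/plugins/wpb-show-core/"


def plugin_present(response_body):
    """Fingerprint step: True if a response body references the plugin directory."""
    return PLUGIN_MARKER in response_body


def classify_path_value(value):
    """Return 'external', 'internal' or None for a `path` query value.

    Only absolute http(s) URLs count as SSRF candidates; a relative file path
    (the plugin's intended use) returns None.  Loopback, private and link-local
    targets are reported separately because they are the high-value SSRF cases.
    """
    u = urlparse(value)
    if u.scheme not in ("http", "https") or not u.hostname:
        return None
    host = u.hostname.lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # a DNS name that is not localhost
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal"
    return "external"


def detect_ssrf_attempts(log_text, plugin_confirmed=True):
    """Scan access-log text for GET requests to download-file.php with an absolute-URL `path`.

    plugin_confirmed should be the result of plugin_present() on a response from
    the host; unconfirmed hits are kept but marked low confidence, mirroring the
    two-step flow described in the advisory.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        target = urlparse(m.group("target"))
        if target.path != VULN_PATH:
            continue
        # parse_qs drops empty values, so an empty `path` never triggers.
        for value in parse_qs(target.query).get("path", []):
            kind = classify_path_value(value)
            if kind is None:
                continue
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "target_host": urlparse(value).hostname,
                "kind": kind,
                "status": int(m.group("status")),
                "confidence": "high" if plugin_confirmed else "low",
            })
    return findings


if __name__ == "__main__":
    # Constructed response fragment standing in for the fingerprint request.
    body = '<link rel="stylesheet" href="/wp-content/plugins/wpb-show-core/css/style.css">'
    for f in detect_ssrf_attempts(SAMPLE_LOG, plugin_present(body)):
        print(f"{f['ts']} {f['ip']} -> {f['target_host']} ({f['kind']}, {f['confidence']})")
```

The rule keys on the exact endpoint path, so a WordPress installed under a sub-directory (e.g. /blog/wp-content/...) needs the prefix added; matching on the path suffix is the simple generalisation. Outbound-connection correlation (the interactsh/OOB check) is not modelled here because it needs host or egress telemetry, not the access log.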