CVE-2024-1956 — Cross-site Scripting in Show Core Project WPB Show Core

CWE-79 — Cross-site Scripting CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 29.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

WPB Show Core Project WPB Show Core

Timeline

PublishedApr 8

Latest updateApr 17

Description

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDwpb_show_core_project/wpb_show_core< 2.7

🔴Vulnerability Details

GHSA

GHSA-v5gh-4369-4w97: The wpb-show-core WordPress plugin before 2↗2024-04-08

▶

CVEList

WPB Show Core < 2.7 - Reflected XSS↗2024-04-08

▶

📋Vendor Advisories

Red Hat

kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range↗2024-04-17

▶