CVE-2024-1958 — Cross-site Scripting in Show Core Project WPB Show Core

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

1.0%

top 23.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

WPB Show Core Project WPB Show Core

Timeline

PublishedApr 8

Description

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDwpb_show_core_project/wpb_show_core< 2.7

🔴Vulnerability Details

CVEList

WPB Show Core < 2.7 - Reflected XSS↗2024-04-08

▶

GHSA

GHSA-w7x4-hw9x-fprc: The wpb-show-core WordPress plugin before 2↗2024-04-08

▶