Unknown Wpb-Show-Core vulnerabilities

CVE-2024-1292 [MEDIUM] CWE-79 CVE-2024-1292: The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before ou The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE-2024-1956 [MEDIUM] CWE-79 CVE-2024-1956: The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before out The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting

CVE-2024-1958 [MEDIUM] CWE-79 CVE-2024-1958: The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before output The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users

CVE-2023-4922 [CRITICAL] CWE-22 CVE-2023-4922: The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.

CVE-2023-5974 [CRITICAL] CWE-918 CVE-2023-5974: The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) v The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.

CVE-2022-3484 [MEDIUM] CWE-79 CVE-2022-3484: The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it bac The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.