cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1958,https://securityvulnerability.io/vulnerability/CVE-2024-1958,Reflected Cross-Site Scripting Vulnerability in wpb-show-core WordPress Plugin,"The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users",Wordpress,WPb-show-core,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-08T05:00:02.643Z,0
CVE-2024-1956,https://securityvulnerability.io/vulnerability/CVE-2024-1956,WPB Show Core < 2.7 - Reflected XSS,"The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting",Wordpress,WPb-show-core,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-08T05:00:02.454Z,0
CVE-2024-1292,https://securityvulnerability.io/vulnerability/CVE-2024-1292,Reflected Cross-Site Scripting Vulnerability in wpb-show-core WordPress Plugin,"The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WPb-show-core,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-08T05:00:01.286Z,0
CVE-2023-5974,https://securityvulnerability.io/vulnerability/CVE-2023-5974,WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery,"The WPB Show Core plugin for WordPress version 2.2 has a vulnerability that allows attackers to exploit the `path` parameter, facilitating server-side request forgery (SSRF). This issue could lead to unauthorized access to internal resources or sensitive data, as malicious users may leverage this to manipulate server requests.",Wordpress,wpb-show-core,9.8,CRITICAL,0.002589999930933118,false,,false,false,false,,false,false,2023-11-27T17:15:00.000Z,0
CVE-2023-4922,https://securityvulnerability.io/vulnerability/CVE-2023-4922,WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion,"The WPB Show Core WordPress plugin versions up to 2.2 contains a vulnerability that allows for local file inclusion through manipulation of the `path` parameter. This flaw could enable attackers to exploit the system and gain unauthorized access to sensitive files, potentially leading to further compromise of the web application. Website administrators are advised to update the plugin to ensure proper security measures are in place.",Wordpress,wpb-show-core,9.8,CRITICAL,0.0025599999353289604,false,,false,false,false,,false,false,2023-11-27T17:15:00.000Z,0
CVE-2022-3484,https://securityvulnerability.io/vulnerability/CVE-2022-3484,WPB Show Core - Reflected Cross-Site Scripting,"The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.",Wordpress,WPb-show-core,6.1,MEDIUM,0.0010999999940395355,false,,false,false,false,,false,false,2022-11-14T00:00:00.000Z,0