CVE-2023-5974
CRITICAL NUCLEIWpb Show Core < 2.2 - SSRF
Title source: ruleDescription
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
Nuclei Templates (1)
WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
CRITICALby ritikchaddha
FOFA:
body="wp-content/plugins/wpb-show-core/"
Scores
CVSS v3
9.8
EPSS
0.8236
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (1)
wpb_show_core_project/wpb_show_core
< 2.2
Published
Nov 27, 2023
Tracked Since
Feb 18, 2026