CVE-2023-5974

CRITICAL NUCLEI

WPB Show Core < 2.2 - Server-Side Request Forgery via Path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-5974 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.

Nuclei Templates (1)

WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
CRITICALby ritikchaddha
FOFA: body="wp-content/plugins/wpb-show-core/"

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/c0136057-f420-4fe7-a147-ecbec7e7a9b5

Scores

CVSS v3 9.8
EPSS 0.0315
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-918
Status published
Products (1)
wpb_show_core_project/wpb_show_core < 2.2
Published Nov 27, 2023
Tracked Since Feb 18, 2026