
Cloud Vulnerability DB
A community-led vulnerabilities database
The wpb-show-core WordPress plugin before version 2.7 contains a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2024-1956. The vulnerability exists because the plugin does not properly sanitize and escape parameters before outputting them back in the response of an unauthenticated request (WPScan, NVD).
The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue stems from the plugin's failure to properly sanitize and escape parameters in unauthenticated requests (NVD).
When exploited, this vulnerability allows an unauthenticated attacker to perform Reflected Cross-Site Scripting attacks against users of the affected WordPress sites. This could potentially lead to the execution of malicious scripts in users' browsers in the context of the vulnerable site (WPScan).
The recommended mitigation is to update the wpb-show-core WordPress plugin to version 2.7 or later, which contains fixes for this vulnerability (WPScan).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."