CVE-2023-4922
Published: 27 November 2023
Summary
CVE-2023-4922 is a critical-severity vulnerability, with no weakness class specified, in Wpb Show Core Project's Wpb Show Core. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 3.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-4922 affects the WPB Show Core WordPress plugin through version 2.2 and consists of a local file inclusion flaw reachable via the `path` parameter. It received a CVSS v3.1 score of 9.8, reflecting network-accessible attack conditions with no required privileges or user interaction and full impact on confidentiality, integrity, and availability.
An unauthenticated remote attacker can supply an arbitrary path value to read or include local files on the server, enabling disclosure of sensitive data or potential code execution depending on the server configuration and file contents. The EPSS score for this issue is 0.2642 with no material change from its recorded peak.
Public references from WPScan document the affected plugin versions and parameter, but the supplied information does not detail specific patches or configuration workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54758
Vulnerability details
The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.