CVE-2023-4922

9.8 CRITICAL

📋 TL;DR

The WPB Show Core WordPress plugin through version 2.2 contains a local file inclusion vulnerability via the 'path' parameter. This allows attackers to read arbitrary files on the server, potentially exposing sensitive information. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • WPB Show Core WordPress Plugin
Versions: through 2.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated. No special configuration needed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through reading sensitive files like wp-config.php (containing database credentials), followed by database access, privilege escalation, and potential remote code execution.

🟠

Likely Case

Information disclosure of sensitive files including configuration files, source code, and system files, potentially leading to credential theft and further attacks.

🟢

If Mitigated

Limited impact if file permissions are properly configured and sensitive files are protected, though information disclosure may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward via HTTP requests to the vulnerable parameter. Public proof-of-concept exists in vulnerability databases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3 or later

Vendor Advisory: https://wpscan.com/vulnerability/968d87c0-af60-45ea-b34e-8551313cc8df

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'WPB Show Core' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.

🔧 Temporary Workarounds

Disable vulnerable plugin (all platforms)

Deactivate the WPB Show Core plugin to prevent exploitation:

wp plugin deactivate wpb-show-core

Web Application Firewall rule (all platforms)

Block requests containing suspicious path parameter patterns: add a WAF rule that blocks requests whose 'path' parameter contains directory traversal sequences (../, ..\, etc.).

🧯 If You Can't Patch

  • Deactivate and remove the WPB Show Core plugin immediately
  • Implement strict file permissions and disable directory listing on the web server

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WPB Show Core version 2.2 or earlier

Check Version:

wp plugin list --name=wpb-show-core --field=version

Verify Fix Applied:

Verify plugin version is 2.3 or later, or confirm plugin is deactivated/removed

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing 'path' parameter with directory traversal sequences (../, ..\)
  • Access to sensitive files like wp-config.php from unexpected sources

Network Indicators:

  • Unusual file read patterns via HTTP requests
  • Requests to plugin-specific endpoints with path parameter manipulation

SIEM Query:

source="web_logs" AND (uri="*path=*" AND (uri="*../*" OR uri="*..\\*"))
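As an added illustration of the log indicators and SIEM query above (example code, not part of the original advisory), the script below scans constructed access-log lines for a 'path' query parameter carrying a traversal sequence. It goes slightly beyond the wildcard query by percent-decoding the value first (including double-encoded forms), which a literal `*../*` match would miss.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: client, ident, user, [time], "METHOD URI PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Applied after decoding, so "../", "..\" and "%2e%2e%2f" all match
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')


def decode_fully(value: str, rounds: int = 3) -> str:
    """Strip up to `rounds` layers of percent-encoding (double encoding is common)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line: str):
    """Return (client_ip, decoded 'path' value) for a traversal probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    params = parse_qs(urlsplit(m.group("uri")).query, keep_blank_values=True)
    for raw in params.get("path", []):
        value = decode_fully(raw)
        if TRAVERSAL_RE.search(value):
            return m.group("ip"), value
    return None


def find_lfi_attempts(lines):
    """Run inspect_line over access log lines, returning only the hits."""
    return [hit for hit in (inspect_line(ln) for ln in lines) if hit]


# Constructed sample lines (not real traffic); the URIs are illustrative only
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?path=../../wp-config.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?path=%252e%252e%252fwp-config.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?path=images/banner.png HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for ip, value in find_lfi_attempts(SAMPLE_LOG):
        print(f"suspicious path parameter from {ip}: {value!r}")
```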

🔗 References