Mohamed Abdelhady

**Name of the Vulnerable Software and Affected Versions** WPB Show Core WordPress plugin versions through 2.2 **Description** The issue concerns a local file inclusion vulnerability via the `path` parameter. This allows for potential unauthorized access to sensitive files on the system. **Recommendations** For WPB Show Core WordPress plugin versions through 2.2, update to a version that fixes this issue, as using the `path` parameter can lead to local file inclusion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPB Show Core WordPress plugin versions through 2.2 **Description** The issue concerns server-side request forgery (SSRF) via the `path` parameter. This allows for potentially malicious requests to be made to the server. **Recommendations** For WPB Show Core WordPress plugin versions through 2.2, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `path` parameter to minimize the risk of exploitation.