The WPB Show Core WordPress plugin up to and including 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
wpb show core project wpb show core