CVE-2017-12948

MEDIUM

Pressforward < 4.3.0 - XSS

Title source: rule

Description

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.

References (1)

[Third Party Advisory] http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf

Scores

CVSS v3 6.1

EPSS 0.0021

EPSS Percentile 43.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

pressforward/pressforward < 4.3.0

n/a/n/a

Published Aug 18, 2017

Tracked Since Feb 18, 2026