High severity7.2NVD Advisory· Published Aug 18, 2017· Updated May 13, 2026

CVE-2017-12947

Description

classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.

Affected products

Easymodal Project/Easy Modal
cpe:2.3:a:easymodal_project:easy_modal:*:*:*:*:*:wordpress:*:*
Range: <=2.0.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdfnvdThird Party Advisory
wordpress.org/plugins/easy-modal/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000