Medium severity6.1NVD Advisory· Published Aug 18, 2017· Updated Jun 17, 2026
CVE-2017-12948
CVE-2017-12948
Description
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
Affected products
2Patches
Vulnerability mechanics
References
1- www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdfnvdThird Party Advisory
News mentions
0No linked articles in our index yet.