cleantalk
Vulnerabilities and Security Researches

PressForward, CVE-2017-12948

CVE, Research URL

CVE-2017-12948

Home page URL

Security reports for PressForward

Application

PressForward

Published on
Aug 18, 2017
Research Description
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
Affected versions
Min -, max 4.3.1.
Status
vulnerable
Previous vulnerability researches
PressForward (CVE-2017-12948) , Jun 06, 2024
PressForward (CVE-2025-28987) , Aug 05, 2025
New vulnerability
WP Tournament Registration (CVE-2025-6690) , Aug 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-8100) , Aug 06, 2025
Online Booking & Scheduling Calendar for WordPress by vcita (CVE-2025-54676) , Aug 06, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-54667) , Aug 06, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-54668) , Aug 06, 2025