CVE-2017-12948

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...

EUVD-2017-4472

Malware in sbrugna...

EUVD-2025-24734

Malicious code in bioql PyPI...

CVE-2025-28987

Server-Side Request Forgery SSRF vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery.This issue affects PressForward: from n/a through = 5.9.5...

CVE-2025-28987

Server-Side Request Forgery SSRF vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery.This issue affects PressForward: from n/a through = 5.9.5...

CVE-2025-28987 WordPress PressForward <= 5.9.1 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1...

CVE-2025-28987 WordPress PressForward <= 5.9.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery.This issue affects PressForward: from n/a through = 5.9.5...

CVE-2025-28987

CVE-2025-28987 affects the WordPress plugin PressForward (versions up to 5.9.1 as stated in multiple sources). The vulnerability is a Server-Side Request Forgery (SSRF) issue with a CVSS v3.1 base score of 6.4 (Medium); impact is limited to confidentiality/integrity and no impact on availability ...

WordPress plugin PressForward 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

PT-2025-33156 · Unknown · Pressforward

Name of the Vulnerable Software and Affected Versions: PressForward versions n/a through 5.9.1 Description: A Server-Side Request Forgery SSRF vulnerability exists in PressForward. This issue allows attackers to perform Server Side Request Forgery. Recommendations: Update PressForward to a versio...

WordPress PressForward plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.PressForward plugin is one of the workflow editing plugin. A cross-site scripting vulnerability exists in the...

CVE-2017-12948

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...

CVE-2017-12948

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...

Design/Logic Flaw

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...

CVE-2017-12948

The CVE-2017-12948 issue affects the WordPress PressForward plugin, specifically Core\Admin\PFTemplater.php in version 4.3.0 and earlier. The vulnerability is a Cross‑Site Scripting (XSS) flaw via PATH_INFO reflected into wp-admin/admin.php, related to PHP_SELF. Multiple sources (Red Hat CVE entr...

CVE-2017-12948

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...

WordPress PressForward 4.3.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Advisory Title: WordPress PressForward Plugin Security Vulnerability Software: WordPress PressForward plugin Language: PHP Version: 4.3.0 and below Vendor Status: Vendor contacted Release Date: 2017/08/07 Risk: Medium 1. General Overview...

Pressforward <= 5.2.3 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise the $SERVER'QUERYSTRING' before outputting it back in the page, leading to a reflected Cross-Site Scripting issue. The issue was initially reported in v4.3.0 but was never fixed, and is still affecting v5.2.3...

Pressforward <= 5.2.3 - Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise the $SERVER'QUERYSTRING' before outputting it back in the page, leading to a reflected Cross-Site Scripting issue. The issue was initially reported in v4.3.0 but was never fixed, and is still affecting v5.2.3 PoC...

WordPress PressForward plugin <=4.3.0 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Neven Biruski in WordPress PressForward plugin version 4.3.0 and earlier versions. An attacker can trick the logged in user with administrator rights to visit a link with vulnerable JavaScript and execute the malicious code. Solution At this moment...