Exploit for Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting (CVE-2016-10973)

Description:

The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.

Nuclei Template

View the template here: CVE-2016-10973.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-10973.yaml

References:

https://wpscan.com/vulnerability/93568433-0b63-4ea7-bbac-4323d3ee0abd
https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2016-10973