返回列表

CVE-2024-12638: Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

CVE: CVE-2024-12638

CNVD: 暂无

CNNVD: 暂无

漏洞类型: 命令执行

漏洞等级: 高危

年份: 2026

POC_ID: 暂无

漏洞描述

Bulk Me Now! WordPress plugin <= 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. [已公开] id: CVE-2024-12638 info: name: Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting author: Sourabh-Sahu severity: high description: | Bulk Me Now! WordPress plugin <= 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. impact: | Attackers can execute malicious scripts in the context of high privilege users, potentially leading to session hijacking or account compromise. remediation: | Update to the latest version of the plugin where the vulnerability is fixed or implement input sanitization and output escaping. reference: - https://wpscan.com/vulnerability/a6f5b0fe-00a0-4e30-aec6-87882c035beb/ - https://nvd.nist.gov/vuln/detail/CVE-2024-12638 classification

影响范围

未知

漏洞详情

登录后可查看漏洞详情。请先登录或注册。

漏洞 POC

登录后可查看漏洞 POC。请先登录或注册。

修复建议

暂无

参考来源

https://wpscan.com/vulnerability/a6f5b0fe-00a0-4e30-aec6-87882c035beb/