Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

EUVD-2024-51063

Malicious code in bioql PyPI...

WordPress Bulk Me Now plugin <= 2.0 - Message Deletion via CSRF vulnerability

Message Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Bulk Me Now! versions = 2.0...

WordPress Bulk Me Now plugin <= 2.0 - Stored XSS via Shortcode vulnerability

Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Bulk Me Now! versions = 2.0...

WordPress Bulk Me Now plugin <= 2.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Bulk Me Now! versions = 2.0...

CVE-2024-12708

The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-12638

The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-12709

The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-12638

The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-12709 Bulk Me Now <= 2.0 - Message Deletion via CSRF

The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-12709 Bulk Me Now <= 2.0 - Message Deletion via CSRF

The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-12709

CVE-2024-12709 concerns the WordPress plugin Bulk Me Now! (versions ≤ 2.0). The issue is a lack of CSRF protections in certain paths, enabling attackers to trigger actions as logged-in users via CSRF. Several connected sources corroborate CSRF-related risk and, in Patch Stack, describe a CSRF-cau...

CVE-2024-12708 Bulk Me Now <= 2.0 - Stored XSS via Shortcode

The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-12708 Bulk Me Now <= 2.0 - Stored XSS via Shortcode

The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-12708

CVE-2024-12708 affects Bulk Me Now! WordPress plugin (versions up to 2.0). It reports stored XSS via shortcode attributes not properly validated/escaped before output in posts/pages. This could enable contributors and above to store and trigger XSS. Public patch status is not clearly documented i...

CVE-2024-12638 Bulk Me Now <= 2.0 - Reflected XSS

The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-12638

CVE-2024-12638 concerns the Bulk Me Now! WordPress plugin (versions ≤ 2.0). Multiple connected sources confirm a reflected XSS due to improper sanitization/escaping of a parameter when echoed back on a page, potentially impacting high-privilege users (e.g., admins). The CVSS v3.1 base metrics in ...

CVE-2024-12638 Bulk Me Now <= 2.0 - Reflected XSS

The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin Bulk Me Now! 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

WordPress plugin Bulk Me Now! 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...