4 matches found
CVE-2024-12638
The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12708
CVE-2024-12708 affects Bulk Me Now! WordPress plugin (versions up to 2.0). It reports stored XSS via shortcode attributes not properly validated/escaped before output in posts/pages. This could enable contributors and above to store and trigger XSS. Public patch status is not clearly documented i...
PT-2025-1923
Name of the Vulnerable Software and Affected Versions Bulk Me Now! WordPress plugin versions through 2.0 Description The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could be...
PT-2025-1931 · WordPress · Bulk Me Now!
Name of the Vulnerable Software and Affected Versions: Bulk Me Now! WordPress plugin through 2.0 Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post, which could allow users with the contributor...