CVE-2024-12469
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-12469 is a reflected cross-site scripting (XSS) vulnerability in the WP BASE Booking of Appointments, Services and Events plugin for WordPress. Versions up to and including 4.9.1 are vulnerable because of insufficient input sanitization and output escaping. An attacker can inject arbitrary web scripts by manipulating the ‘status’ parameter. The attacker does not need to be authenticated: exploitation works by tricking a user into clicking a malicious link, which can expose sensitive information or give the attacker control of the user's session. This poses a significant risk to WordPress websites using the affected plugin and highlights the importance of timely software updates and secure coding practices.
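As an added example (not part of the original advisory and not the plugin's code), the following Python shows one way a defender could flag access-log requests whose ‘status’ parameter carries HTML metacharacters, including double-encoded ones, and how output escaping neutralizes the value. The log format, the request path and the sample lines are constructed assumptions.

```python
import re
from html import escape
from urllib.parse import parse_qsl, unquote, urlsplit

# HTML metacharacters that should not appear in a booking status value.
HTML_META = re.compile(r"[<>\"'`]")
# Request line of a combined-format access-log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the path is a placeholder, not the plugin's real endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:00 +0000] "GET /PLACEHOLDER_PATH?status=confirmed HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2025:10:00:05 +0000] "GET /PLACEHOLDER_PATH?status=%22%3E%3Csvg%20onload%3D1%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [10/Jan/2025:10:00:09 +0000] "GET /PLACEHOLDER_PATH?status=%2522%253E HTTP/1.1" 200 530',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded by `rounds`."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_status(log_line):
    """Return the decoded 'status' value if it holds HTML metacharacters, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qsl already decodes one layer; decode_fully removes any further layers.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "status":
            value = decode_fully(value)
            if HTML_META.search(value):
                return value
    return None

def scan(lines):
    """Return (line index, decoded value) for every suspicious request."""
    return [(i, v) for i, line in enumerate(lines)
            if (v := suspicious_status(line)) is not None]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        # escape() is the kind of output encoding the summary says was missing.
        print(index, escape(value))
```

A hit in the logs indicates a probe or an attempted delivery, not proof that a user followed the link; updating the plugin past 4.9.1 remains the fix.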