See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2024-12708

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 30, 2025

Summary

CVE-2024-12708 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Bulk Me Now! WordPress plugin before version 2.0. This flaw permits users with the contributor role or higher to inject malicious scripts into pages or posts where the vulnerable shortcode is used. The plugin does not properly validate and escape shortcode attributes, leading to the successful execution of the XSS attack. This vulnerability poses a significant risk to websites using the Bulk Me Now! plugin, as it can lead to data theft, unauthorized access, or other malicious activities. Updating the plugin to a version released after this vulnerability was discovered is strongly advised to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database