CVE-2024-12737
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-12737: The WP BASE Booking of Appointments, Services and Events WordPress plugin contains a Reflected Cross-Site Scripting (XSS) vulnerability. Before version 5.0.0, the plugin fails to sanitize and escape a user-supplied parameter, allowing attackers to inject malicious scripts into web pages. This issue poses a significant risk to high-privilege users like admins, who could be manipulated into visiting a malicious link or opening a specially crafted email. Successful exploitation could result in unauthorized access to sensitive information or system takeover. Users are encouraged to update to the latest plugin version to mitigate this vulnerability.
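A defender-side check for the fix version named above, added here as an example and not taken from the advisory or the plugin's own code: it reads the WordPress plugin header comment of each installed plugin and flags a WP BASE install older than 5.0.0. Matching on "WP BASE" in the Plugin Name header, and the sample headers, are assumptions.

```python
import re
from pathlib import Path

FIXED = (5, 0, 0)        # first fixed release, per the advisory
NAME_HINT = "wp base"    # assumption: the Plugin Name header contains this text

# Header lines look like "Plugin Name: X" or " * Version: 1.2.3" inside a comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_header(php_source):
    """Return the 'plugin name' and 'version' fields from a plugin file's header."""
    fields = {}
    # WordPress only reads the first 8 KiB of a plugin file for headers.
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """'4.9.2-beta' -> (4, 9, 2); missing parts count as 0, suffixes are ignored."""
    nums = []
    for part in version.split(".")[:3]:
        m = re.match(r"\d+", part)
        nums.append(int(m.group()) if m else 0)
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(php_source):
    """True = version before the fix, False = fixed, None = not this plugin/unknown."""
    h = parse_header(php_source)
    if NAME_HINT not in h.get("plugin name", "").lower() or "version" not in h:
        return None
    return version_tuple(h["version"]) < FIXED

def scan(plugins_dir):
    """Check the top-level PHP files of every folder under wp-content/plugins."""
    findings = {}
    for php in Path(plugins_dir).glob("*/*.php"):
        verdict = is_affected(php.read_text(errors="replace"))
        if verdict is not None:
            findings[str(php)] = verdict
    return findings

# Constructed sample headers (not copied from the real plugin).
OLD = "<?php\n/*\nPlugin Name: WP BASE Booking\nVersion: 4.9.2\n*/\n"
NEW = "<?php\n/**\n * Plugin Name: WP BASE Booking\n * Version: 5.0.0\n */\n"

if __name__ == "__main__":
    print(is_affected(OLD), is_affected(NEW))
```

Point `scan()` at a site's `wp-content/plugins` directory; any path mapped to `True` is an install that still needs the update.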