CVE-2024-12709

Bulk Me Now <= 2.0 - Message Deletion via CSRF

The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.


We have discovered 2 live websites that are affected by CVE-2024-12709.


Affected Software

Product: Bulk Me Now
Category: WordPress Plugins
Vulnerable Domains: 2 live websites (100.00% of Bulk Me Now install base)
Vulnerable Versions: from 0 through 2
Vulnerable Versions Count: 2 versions (100.00% of all versions)


Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Jan 30, 2025
  • Updated - Jan 30, 2025

Credits

  • Bob Matyas (finder)
  • WPScan (coordinator)

CVE-2024-12709 usage by Country

United States: 1 website
Sweden: 1 website

CVE-2024-12709 usage by TLD

.com: 1 website
.se: 1 website

Websites affected by CVE-2024-12709

Top websites that are affected by CVE-2024-12709. Please click on the "Contact us" link to get more information.
Domain      | Country       | Rank        | Contacts
*******.se  | Sweden        | **,***,***  |
*******.com | United States | ***,***,*** |

FAQ

CVE-2024-12709 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Bulk Me Now
A total of 2 websites have been identified as vulnerable to CVE-2024-12709, discovered through global website indexing conducted by WebTechSurvey.
Bulk Me Now is susceptible to the CVE-2024-12709 vulnerability.
Bulk Me Now versions up to and including 2 are vulnerable to CVE-2024-12709.