CVE-2024-12494 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_meeting_map' shortcode in all versions up to, and…
Medium CVSS: 6.4

CVE-2024-12494

The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_meeting_map' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Vendor
Bmltenabled
Product
Meeting Map
CWE
CWE-79
Yayın Tarihi
2025-01-24 10:15:07
Güncelleme
2025-02-05 17:09:07
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-79 Meeting Map MEDIUM Bmltenabled 2025

Referanslar

https://plugins.trac.wordpress.org/browser/bmlt-meeting-map/tags/2.6.0/meeting_map.php#L33 https://plugins.trac.wordpress.org/browser/bmlt-meeting-map/tags/2.6.0/meeting_map.php#L462 https://www.wordfence.com/threat-intel/vulnerabilities/id/73c01967-262c-48ab-a464-401b1cadd4be?source=cve