China National Vulnerability Database: CNVD-2021-103101
Nov 04, 2021 - 12:00 a.m.

WordPress BP Better Messages plugin cross-site request forgery vulnerability

www.cnvd.org.cn
wordpress
bp better messages
plugin
cross-site request forgery
vulnerability
php
mysql
ajax
attacker
logged-in user

EPSS: 0.001 (percentile: 47.5%)

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up personal blog sites on servers running PHP and MySQL. Versions of the WordPress BP Better Messages plugin prior to 1.9.9.41 contain a cross-site request forgery vulnerability. The plugin lacks valid CSRF checks on multiple AJAX actions, which an attacker could exploit to make a logged-in user perform unwanted actions.
