Lucene search
K

CVE-2021-24809

🗓️ 01 Nov 2021 08:46:30Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov👁 40 Views🌐 WEB

The BP Better Messages WordPress plugin before 1.9.9.41 allows CSRF in multiple AJAX actions

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24809
1 Nov 202111:21
circl
CNNVD
WordPress 跨站请求伪造漏洞
1 Nov 202100:00
cnnvd
CNVD
WordPress BP Better Messages plugin cross-site request forgery vulnerability
4 Nov 202100:00
cnvd
Cvelist
CVE-2021-24809 BP Better Messages < 1.9.9.41 - Multiple CSRF
1 Nov 202108:46
cvelist
EUVD
EUVD-2021-11721
7 Oct 202500:30
euvd
NVD
CVE-2021-24809
1 Nov 202109:15
nvd
OSV
CVE-2021-24809
1 Nov 202109:15
osv
Patchstack
WordPress BP Better Messages plugin <= 1.9.9.37 - Cross-Site Request Forgery (CSRF) vulnerability
4 Oct 202100:00
patchstack
Prion
Cross site request forgery (csrf)
1 Nov 202109:15
prion
RedhatCVE
CVE-2021-24809
22 May 202519:23
redhatcve
Rows per page
NVD
Vulners
Node
wordplusbetter_messagesRange<1.9.9.41wordpress
[
  {
    "product": "BP Better Messages",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.9.9.41",
        "status": "affected",
        "version": "1.9.9.41",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
actionrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_better_messages_leave_chatCWE-352
actionrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_better_messages_join_chatCWE-352
actionrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_messages_leave_threadCWE-352
actionrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_messages_mute_threadCWE-352
actionrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_messages_unmute_threadCWE-352
actionrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_better_messages_add_user_to_threadCWE-352
actionrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_better_messages_exclude_user_from_threadCWE-352
user_idrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_better_messages_exclude_user_from_threadCWE-352
thread_idrequest bodywp-admin/admin-ajax.phpCSRF vulnerability in AJAX action bp_better_messages_exclude_user_from_threadCWE-352

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 03:40Current
8.7High risk
Vulners AI Score8.7
CVSS 26.8
CVSS 3.18.8
EPSS0.00703
40