EUVD-2024-48701

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 5.7.5

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-7850	20 Aug 202404:34	–	circl
CNNVD	WordPress plugin BP Profile Search 安全漏洞	20 Aug 202400:00	–	cnnvd
CVE	CVE-2024-7850	20 Aug 202402:03	–	cve
Cvelist	CVE-2024-7850 BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	20 Aug 202402:03	–	cvelist
NVD	CVE-2024-7850	20 Aug 202402:15	–	nvd
Patchstack	WordPress BP Profile Search Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)	20 Aug 202400:00	–	patchstack
Patchstack	WordPress BP Profile Search plugin <= 5.7.5 - Cross-Site Request Forgery to Cross-Site Scripting vulnerability	20 Aug 202400:11	–	patchstack
RedhatCVE	CVE-2024-7850	23 May 202509:50	–	redhatcve
Vulnrichment	CVE-2024-7850 BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	20 Aug 202402:03	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)	29 Aug 202413:48	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "0c3ad522-814f-3e8e-9b92-9c6750e4a91c",
        "vendor": {
          "name": "dontdream"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "8fbd6c56-03fc-312c-97af-2e8b8ef27386",
        "product": {
          "name": "BP Profile Search"
        },
        "product_version": "* ≤5.7.5"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/1acfa5d1-c1ba-4ba5-9511-0f4adbe5b9ca
plugins	www.plugins.trac.wordpress.org/browser/bp-profile-search/trunk/bps-admin.php
plugins	www.plugins.trac.wordpress.org/changeset/3136686/
plugins	www.plugins.trac.wordpress.org/changeset/3137271/bp-profile-search/tags/5.8/bps-admin.php

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.1

EPSS0.0025

SSVC