Lucene search
K

24 matches found

CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin BP Better Messages 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-30588

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:49 a.m.5 views

CVE-2024-32802

Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32...

5.3CVSS7AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.12 views

CVE-2021-24808

The BP Better Messages WordPress plugin before 1.9.9.41 sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.00912EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/03/01 12:0 a.m.4 views

WordPress plugin Better Messages 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS7.8AI score0.00461EPSS
Exploits0References5
NVD
NVD
added 2024/05/17 10:15 a.m.15 views

CVE-2024-32802

Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32...

5.3CVSS5.3AI score0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/17 9:38 a.m.26 views

CVE-2024-32802 WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability

Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32...

5.3CVSS5.3AI score0.00313EPSS
Exploits0References1
CVE
CVE
added 2024/05/17 9:38 a.m.63 views

CVE-2024-32802

CVE-2024-32802 is a Missing Authorization vulnerability in WordPress plugin BP Better Messages, affecting versions up to 2.4.32. The issue allows accessing functionality not constrained by ACLs. The public data confirms affected software and impact level (CVSS v3.1 base score 5.3, Medium), but th...

5.3CVSS6.8AI score0.00313EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.5 views

WordPress plugin BP Better Messages 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.6AI score0.00313EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.11 views

WordPress BP Better Messages Plugin <= 2.4.32 is vulnerable to Broken Authentication

Software BP Better Messages Type Plugin Vulnerable versions = 2.4.32 Fixed in 2.4.33 OWASP Top 10 A5: Security Misconfiguration Classification Broken Authentication CVE CVE-2024-32802 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID f9f66260d562 Credits Ananda Dhakal...

5.3CVSS6.5AI score0.00313EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/11/29 12:0 a.m.16 views

WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Software BP Better Messages Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49168 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 979ad8298842 Credits Rafshanzani Suhada Required privile...

6.5CVSS6.6AI score0.00385EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.4 views

WordPress BP Better Messages Plugin < 2.1.21 is vulnerable to Cross Site Scripting (XSS)

Software BP Better Messages Type Plugin Vulnerable versions 2.1.21 Fixed in 2.1.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 144831464a6a Credits Rafie Muhammad Patchstack...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress BP Better Messages plugin < 1.9.9.170 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress BP Better Messages plugin versions 1.9.9.170. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.9.170...

3.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.14 views

WordPress BP Better Messages plugin < 1.9.9.170 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress BP Better Messages plugin versions 1.9.9.170. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.9.170...

2.4AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2021/11/04 12:0 a.m.12 views

WordPress BP Better Messages plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress BP Better Messages plugin has a cross-site request forgery vulnerability in versions prior to 1.9.9.41, which...

8.8CVSS2.3AI score0.00703EPSS
Exploits2References1
NVD
NVD
added 2021/11/01 9:15 a.m.21 views

CVE-2021-24808

The BP Better Messages WordPress plugin before 1.9.9.41 sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.00912EPSS
Exploits2References2
Prion
Prion
added 2021/11/01 9:15 a.m.13 views

Cross site request forgery (csrf)

The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bpbettermessagesleavechat, bpbettermessagesjoinchat, bpmessagesleavethread, bpmessagesmutethread, bpmessagesunmutethread, bpbettermessagesaddusertothread,...

6.8CVSS8.5AI score0.00703EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2021/11/01 8:46 a.m.42 views

CVE-2021-24809

Affected software: WordPress BP Better Messages plugin. Vulnerability: Cross-Site Request Forgery (CSRF) in multiple AJAX actions (bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user...

8.8CVSS8.7AI score0.00703EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2021/11/01 8:46 a.m.48 views

CVE-2021-24808

The CVE-2021-24808 entry describes a Reflective Cross-Site Scripting in the BP Better Messages WordPress plugin prior to version 1.9.9.41. Root cause: the plugin sanitises the subject via sanitize_text_field but fails to escape it when outputting back into an HTML attribute, enabling attack strin...

6.1CVSS6.1AI score0.00912EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/11/01 8:46 a.m.23 views

CVE-2021-24808 BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting

The BP Better Messages WordPress plugin before 1.9.9.41 sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.3AI score0.00912EPSS
Exploits2References2
Rows per page
Query Builder