24 matches found
WordPress plugin BP Better Messages 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2024-30588
Malicious code in bioql PyPI...
CVE-2024-32802
Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32...
CVE-2021-24808
The BP Better Messages WordPress plugin before 1.9.9.41 sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...
WordPress plugin Better Messages 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
CVE-2024-32802
Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32...
CVE-2024-32802 WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability
Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32...
CVE-2024-32802
CVE-2024-32802 is a Missing Authorization vulnerability in WordPress plugin BP Better Messages, affecting versions up to 2.4.32. The issue allows accessing functionality not constrained by ACLs. The public data confirms affected software and impact level (CVSS v3.1 base score 5.3, Medium), but th...
WordPress plugin BP Better Messages 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress BP Better Messages Plugin <= 2.4.32 is vulnerable to Broken Authentication
Software BP Better Messages Type Plugin Vulnerable versions = 2.4.32 Fixed in 2.4.33 OWASP Top 10 A5: Security Misconfiguration Classification Broken Authentication CVE CVE-2024-32802 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID f9f66260d562 Credits Ananda Dhakal...
WordPress BP Better Messages Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
Software BP Better Messages Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49168 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 979ad8298842 Credits Rafshanzani Suhada Required privile...
WordPress BP Better Messages Plugin < 2.1.21 is vulnerable to Cross Site Scripting (XSS)
Software BP Better Messages Type Plugin Vulnerable versions 2.1.21 Fixed in 2.1.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 144831464a6a Credits Rafie Muhammad Patchstack...
WordPress BP Better Messages plugin < 1.9.9.170 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress BP Better Messages plugin versions 1.9.9.170. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.9.170...
WordPress BP Better Messages plugin < 1.9.9.170 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress BP Better Messages plugin versions 1.9.9.170. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.9.170...
WordPress BP Better Messages plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress BP Better Messages plugin has a cross-site request forgery vulnerability in versions prior to 1.9.9.41, which...
CVE-2021-24808
The BP Better Messages WordPress plugin before 1.9.9.41 sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...
Cross site request forgery (csrf)
The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bpbettermessagesleavechat, bpbettermessagesjoinchat, bpmessagesleavethread, bpmessagesmutethread, bpmessagesunmutethread, bpbettermessagesaddusertothread,...
CVE-2021-24809
Affected software: WordPress BP Better Messages plugin. Vulnerability: Cross-Site Request Forgery (CSRF) in multiple AJAX actions (bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user...
CVE-2021-24808
The CVE-2021-24808 entry describes a Reflective Cross-Site Scripting in the BP Better Messages WordPress plugin prior to version 1.9.9.41. Root cause: the plugin sanitises the subject via sanitize_text_field but fails to escape it when outputting back into an HTML attribute, enabling attack strin...
CVE-2021-24808 BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting
The BP Better Messages WordPress plugin before 1.9.9.41 sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...