2 matches found
CVE-2021-24809
Affected software: WordPress BP Better Messages plugin. Vulnerability: Cross-Site Request Forgery (CSRF) in multiple AJAX actions (bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user...
CVE-2021-24809 BP Better Messages < 1.9.9.41 - Multiple CSRF
The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bpbettermessagesleavechat, bpbettermessagesjoinchat, bpmessagesleavethread, bpmessagesmutethread, bpmessagesunmutethread, bpbettermessagesaddusertothread,...