Wordplus ≫ Better Messages

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

6.1

CVE-2021-24808

Exploit

EPSS 0.21%
Published 01.11.2021 09:15:09
Last modified 21.11.2024 05:53:48

The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

8.8

CVE-2021-24809

Exploit

EPSS 0.3%
Published 01.11.2021 09:15:09
Last modified 21.11.2024 05:53:48

The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread...

<12