Filtered by vendor Wordplus
Subscribe
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40216 | 1 Wordplus | 1 Better Messages | 2022-11-23 | N/A | 6.5 MEDIUM |
| Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. | |||||
| CVE-2022-41609 | 1 Wordplus | 1 Better Messages | 2022-11-20 | N/A | 8.8 HIGH |
| Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. | |||||
| CVE-2022-36389 | 1 Wordplus | 1 Better Messages | 2022-08-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | |||||
| CVE-2022-33142 | 1 Wordplus | 1 Better Messages | 2022-08-24 | N/A | 6.5 MEDIUM |
| Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | |||||
| CVE-2022-29454 | 1 Wordplus | 1 Better Messages | 2022-07-26 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | |||||
| CVE-2021-24808 | 1 Wordplus | 1 Better Messages | 2021-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-24809 | 1 Wordplus | 1 Better Messages | 2021-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions | |||||