Wordplus CVE - OpenCVE

Filtered by vendor Wordplus Subscribe

Total 8 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-49168	1 Wordplus	1 Better Messages	2024-11-21	N/A	6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0.
CVE-2022-41609	1 Wordplus	1 Better Messages	2024-11-21	N/A	6.4 MEDIUM
Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress.
CVE-2022-40216	1 Wordplus	1 Better Messages	2024-11-21	N/A	4.3 MEDIUM
Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress.
CVE-2022-36389	1 Wordplus	1 Better Messages	2024-11-21	N/A	4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.
CVE-2022-33142	1 Wordplus	1 Better Messages	2024-11-21	N/A	7.7 HIGH
Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress.
CVE-2022-29454	1 Wordplus	1 Better Messages	2024-11-21	N/A	3.1 LOW
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.
CVE-2021-24809	1 Wordplus	1 Better Messages	2024-11-21	6.8 MEDIUM	8.8 HIGH
The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions
CVE-2021-24808	1 Wordplus	1 Better Messages	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

Vulnerabilities (CVE)