WordPress Plugin Vulnerabilities

Better Messages < 1.9.9.149 - File Upload via CSRF

Description

The plugin does not have CSRF check in place when uploading files and the file attachment to messages settings is enabled, allowing attacker to make logged in users upload file via a CSRF attack

Affects Plugins

Plugin icon
bp-better-messages
Fixed in 1.9.9.149

References

CVE
CVE-2022-29454

Miscellaneous

Original Researcher
Roldan Brandon
Verified
No
WPVDB ID
f0dc48fe-4484-4d9c-9641-19de9f3d52c3

Timeline

Publicly Published
2022-01-18 (about 4 years ago)
Added
2022-07-24 (about 3 years ago)
Last Updated
2023-04-21 (about 3 years ago)

Other

Published
Title
Published
2024-04-05
Title
Church Admin < 4.1.6 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2024-10-17
Title
Nice Backgrounds <= 1.0 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2023-09-26
Title
Welcart e-Commerce < 2.8.22 - Editor+ Arbitrary File Upload
Published
2025-01-20
Title
Post/Page Copying Tool to Export and Import post/page for Cross site Migration < 2.0.4 - Authenticated (Contributor+) Arbitrary File Upload
Published
2024-07-04
Title
Church Admin < 4.4.7 - Authenticated (Subscriber+) Arbitrary File Upload