CVE-2021-24808

CVE-2021-24808: BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting

Vendor Unknown

Product BP Better Messages

Weakness CWE-79 · XSS

Published November 1, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

November 1, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24808 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-23187 CVE-2024-50452 WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-8203 Concrete CMS 9.5.0 and below has Stored XSS on the height parameter CVE-2024-33946 WordPress WPify Woo Czech plugin <= 4.0.10 - Cross Site Scripting (XSS) vulnerability CVE-2021-24975 NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS