{"vulnerability": "CVE-2021-2480", "sightings": [{"uuid": "dab5548f-bb31-4bd4-b003-c9f761b8afd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24809", "type": "seen", "source": "https://t.me/cibsecurity/31529", "content": "\u203c CVE-2021-24809 \u203c\n\nThe BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T11:21:11.000000Z"}, {"uuid": "c67e9641-5467-4da2-9e4b-79d2f8f03e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24807", "type": "published-proof-of-concept", "source": "Telegram/W0hiKn_vlawQiz72xz36c1gwR2511rgPM525hD2dKBpyNg", "content": "", "creation_timestamp": "2021-11-13T15:31:13.000000Z"}, {"uuid": "db6a86b7-2207-4d9e-87d5-321a9ba46a82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24802", "type": "seen", "source": "https://t.me/cibsecurity/32510", "content": "\u203c CVE-2021-24802 \u203c\n\nThe Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:27:37.000000Z"}, {"uuid": "650d9ca3-d74a-4943-8c52-f5463e8143e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24806", "type": "seen", "source": "https://t.me/cibsecurity/31993", "content": "\u203c CVE-2021-24806 \u203c\n\nThe wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T20:29:20.000000Z"}]}