Lucene search

K

Better Messages (WordPress Plugin) Security Vulnerabilities

cve
cve

CVE-2024-32802

Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-17 10:15 AM
33
cve
cve

CVE-2023-49168

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress,...

6.5CVSS

5.8AI Score

0.0004EPSS

2023-12-14 03:15 PM
42
cve
cve

CVE-2022-41609

Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on...

8.8CVSS

8.7AI Score

0.001EPSS

2022-11-19 12:15 AM
37
4
cve
cve

CVE-2022-40216

Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on...

6.5CVSS

6.4AI Score

0.001EPSS

2022-11-18 11:15 PM
23
4
cve
cve

CVE-2022-36389

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at...

8.8CVSS

8.8AI Score

0.001EPSS

2022-08-23 04:15 PM
38
5
cve
cve

CVE-2022-33142

Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at...

7.7CVSS

6.4AI Score

0.001EPSS

2022-08-23 04:15 PM
31
5
cve
cve

CVE-2022-29454

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be...

4.3CVSS

4.7AI Score

0.001EPSS

2022-07-20 07:15 PM
36
6
cve
cve

CVE-2021-24809

The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread,...

8.8CVSS

8.6AI Score

0.001EPSS

2021-11-01 09:15 AM
17
cve
cve

CVE-2021-24808

The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS

6.1AI Score

0.001EPSS

2021-11-01 09:15 AM
18