CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/12/17 5:24 a.m.•24 views

CVE-2025-14154 Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.10.2 - Unauthenticated Stored Cross-Site Scripting

6.1CVSS0.00106EPSS

EUVD•added 2025/12/17 5:24 a.m.•1 views

EUVD-2025-203876

6.1CVSS4.8AI score0.00106EPSS

Positive Technologies•added 2025/12/17 12:0 a.m.•3 views

PT-2025-51814

6.1CVSS5.2AI score0.00106EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-5890

Malicious code in bioql PyPI...

7.5CVSS8.7AI score0.00206EPSS

RedhatCVE•added 2025/05/23 7:35 a.m.•3 views

CVE-2024-13612

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bettermessageslivechatbutton' shortcode in all versions up to, and including, 2.6.9 due to insufficient input...

6.4CVSS5.8AI score0.00135EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:5 p.m.•5 views

CVE-2021-24808

The BP Better Messages WordPress plugin before 1.9.9.41 sanitise with sanitizetextfield but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.0021EPSS

Exploits2References1

RedhatCVE•added 2025/03/03 9:16 a.m.•5 views

CVE-2024-13611

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attacke...

7.5CVSS6.5AI score0.00206EPSS

Exploits0References1

NVD•added 2025/03/01 9:15 a.m.•5 views

CVE-2024-13611

7.5CVSS0.00206EPSS

OSV•added 2025/03/01 9:15 a.m.•1 views

CVE-2024-13611

7.5CVSS5.8AI score

NVD•added 2025/03/01 9:15 a.m.•5 views

CVE-2024-13697

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nicelinks'. This makes it possible for unauthenticated attackers to make web request...

6.5CVSS0.00269EPSS

CVE•added 2025/03/01 8:23 a.m.•46 views

CVE-2024-13697

CVE-2024-13697 documents an unauthenticated SSRF in Better Messages for WordPress (plugin versions up to 2.7.4) via the nice_links feature. Exploitation requires Enable link previews (default). The connected docs indicate a patch is available and advise upgrading to a fixed version; no further ex...

6.5CVSS6.8AI score0.00269EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/03/01 8:23 a.m.•6 views

CVE-2024-13697 Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links

4.8CVSS5.1AI score0.00269EPSS

Vulnrichment•added 2025/03/01 8:23 a.m.•6 views

CVE-2024-13611 Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

7.5CVSS7.4AI score0.00206EPSS

OSV•added 2025/02/01 1:15 p.m.•1 views

CVE-2024-13612

5.4CVSS5.9AI score0.00135EPSS

NVD•added 2025/02/01 1:15 p.m.•8 views

CVE-2024-13612

6.4CVSS0.00135EPSS

Vulnrichment•added 2025/02/01 12:21 p.m.•5 views

CVE-2024-13612 Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS5.8AI score0.00135EPSS