11 matches found
CVE-2022-29454
CVE-2022-29454 affects the WordPress plugin WordPlus Better Messages (versions
CVE-2022-36389
The CVE-2022-36389 entry concerns the WordPress BP Better Messages plugin, affected in versions ≤ 1.9.9.148. The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the plugin. The primary impact described in the sources is high (per CVSS data), but the connected documents do not provid...
CVE-2023-49168
CVE-2023-49168 is a Stored XSS vulnerability in the WordPress plugin BP Better Messages (Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss). Affected versions are through 2.4.0; the issue arises from improper input neutralization during web page generation....
CVE-2022-41609
The CVE concerns the WordPress Better Messages plugin, version 1.9.10.68 or earlier, which is vulnerable to an authenticated Server-Side Request Forgery (SSRF) when access is allowed to subscribers. The root cause involves the plugin validating parameters before making external/internal requests,...
CVE-2022-33142
The CVE-2022-33142 issue affects WordPlus WordPress Better Messages plugin versions ≤ 1.9.10.57. It is an authenticated (subscriber+) Denial of Service vulnerability. Several sources confirm the root cause is related to DoS risk from unauthorised-length/handling issues in message processing, enab...
CVE-2024-13612
CVE-2024-13612 (Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss) is an authenticated Stored Cross-Site Scripting (XSS) vulnerability via the plugin's better_messages_live_chat_button shortcode, affecting all versions up to 2.6.9. Exploitation requires cont...
CVE-2024-13611
CVE-2024-13611 affects the WordPress plugin Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss. The issue is Unauthenticated Sensitive Information Exposure via the bp-better-messages directory, allowing retrieval of potentially sensitive attachments stored u...
CVE-2022-40216
CVE-2022-40216 affects the WordPress Better Messages plugin. Affected versions are
CVE-2024-13697
CVE-2024-13697 documents an unauthenticated SSRF in Better Messages for WordPress (plugin versions up to 2.7.4) via the nice_links feature. Exploitation requires the "Enable link previews" setting to be on (the default). The connected docs indicate a patch is available and advise upgrading to a fixed version; no further ex...
CVE-2021-24808
The CVE-2021-24808 entry describes a Reflected Cross-Site Scripting vulnerability in the BP Better Messages WordPress plugin prior to version 1.9.9.41. Root cause: the plugin sanitises the subject via sanitize_text_field but fails to escape it when outputting back into an HTML attribute, enabling attack strin...
CVE-2021-24809
Affected software: WordPress BP Better Messages plugin. Vulnerability: Cross-Site Request Forgery (CSRF) in multiple AJAX actions (bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user...