Lucene search
K

10 matches found

CVE
CVE
added 2022/07/20 6:36 p.m.77 views

CVE-2022-29454

CVE-2022-29454 affects the WordPress plugin WordPlus Better Messages (versions

4.3CVSS4.4AI score0.00251EPSS
CVE
CVE
added 2023/12/14 2:49 p.m.75 views

CVE-2023-49168

CVE-2023-49168 is a Stored XSS vulnerability in the WordPress plugin BP Better Messages (Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss). Affected versions are through 2.4.0; the issue arises from improper input neutralization during web page generation....

6.5CVSS6.7AI score0.00385EPSS
CVE
CVE
added 2022/11/18 11:18 p.m.69 views

CVE-2022-41609

The CVE concerns the WordPress Better Messages plugin, version 1.9.10.68 or earlier, which is vulnerable to an authenticated Server-Side Request Forgery (SSRF) when access is allowed to subscribers. The root cause involves the plugin validating parameters before making external/internal requests,...

8.8CVSS7.5AI score0.00535EPSS
CVE
CVE
added 2022/08/23 3:46 p.m.65 views

CVE-2022-33142

The CVE-2022-33142 issue affects WordPlus WordPress Better Messages plugin versions ≤ 1.9.10.57. It is an authenticated (subscriber+) Denial of Service vulnerability. Several sources confirm the root cause is related to DoS risk from unauthorised-length/handling issues in message processing, enab...

7.7CVSS6.6AI score0.00871EPSS
CVE
CVE
added 2025/02/01 12:21 p.m.57 views

CVE-2024-13612

CVE-2024-13612 (Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss) is an authenticated Stored Cross-Site Scripting (XSS) vulnerability via the plugin shortcodes/better_messages_live_chat_button, affecting all versions up to 2.6.9. Exploitation requires cont...

6.4CVSS5.7AI score0.00297EPSS
CVE
CVE
added 2025/03/01 8:23 a.m.56 views

CVE-2024-13611

CVE-2024-13611 affects the WordPress plugin Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss. The issue is Unauthenticated Sensitive Information Exposure via the bp-better-messages directory, allowing retrieval of potentially sensitive attachments stored u...

7.5CVSS6.6AI score0.00461EPSS
CVE
CVE
added 2022/11/18 10:33 p.m.54 views

CVE-2022-40216

CVE-2022-40216 affects the WordPress Better Messages plugin. Affected versions are

6.5CVSS5.4AI score0.00447EPSS
CVE
CVE
added 2025/03/01 8:23 a.m.50 views

CVE-2024-13697

CVE-2024-13697 documents an unauthenticated SSRF in Better Messages for WordPress (plugin versions up to 2.7.4) via the nice_links feature. Exploitation requires Enable link previews (default). The connected docs indicate a patch is available and advise upgrading to a fixed version; no further ex...

6.5CVSS6.8AI score0.00262EPSS
CVE
CVE
added 2021/11/01 8:46 a.m.49 views

CVE-2021-24808

The CVE-2021-24808 entry describes a Reflective Cross-Site Scripting in the BP Better Messages WordPress plugin prior to version 1.9.9.41. Root cause: the plugin sanitises the subject via sanitize_text_field but fails to escape it when outputting back into an HTML attribute, enabling attack strin...

6.1CVSS6.1AI score0.00912EPSS
Web
CVE
CVE
added 2021/11/01 8:46 a.m.42 views

CVE-2021-24809

Affected software: WordPress BP Better Messages plugin. Vulnerability: Cross-Site Request Forgery (CSRF) in multiple AJAX actions (bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user...

8.8CVSS8.7AI score0.00703EPSS
Web