VYPR

Better Messages

by WordPress

CVEs (9)

  • CVE-2022-33142HigAug 23, 2022
    risk 0.50cvss 7.7epss 0.01

    Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress.

  • CVE-2024-13611HigMar 1, 2025
    risk 0.49cvss 7.5epss 0.00

    The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for…

  • CVE-2023-49168MedDec 14, 2023
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for…

  • CVE-2022-41609MedNov 19, 2022
    risk 0.42cvss 6.4epss 0.01

    Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress.

  • CVE-2024-13612MedFeb 1, 2025
    risk 0.35cvss 6.4epss 0.00

    The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to…

  • CVE-2024-13697MedMar 1, 2025
    risk 0.31cvss 4.8epss 0.00

    The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nice_links'. This makes it possible for unauthenticated…

  • CVE-2022-40216MedNov 18, 2022
    risk 0.28cvss 4.3epss 0.00

    Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress.

  • CVE-2022-36389MedAug 23, 2022
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.

  • CVE-2022-29454LowJul 20, 2022
    risk 0.20cvss 3.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.