Wordplus Better Messages — known CVE vulnerabilities
Every CVE whose affected-product data names Wordplus Better Messages, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2021-24809 — CVSS 8.8 (high): The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_ch…
CVE-2022-33142 — CVSS 7.7 (high): Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress.
CVE-2024-13611 — CVSS 7.5 (high): The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to…
CVE-2023-49168 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live…
CVE-2024-13612 — CVSS 6.4 (medium): The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to…
CVE-2022-41609 — CVSS 6.4 (medium): Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress.
CVE-2021-24808 — CVSS 6.1 (medium): The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter…
CVE-2024-13697 — CVSS 4.8 (medium): The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to…
CVE-2022-40216 — CVSS 4.3 (medium): Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress.
CVE-2022-36389 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.
CVE-2022-29454 — CVSS 3.1 (low): Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload…