Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Better_messages
(Wordplus)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-23 | CVE-2022-33142 | Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | Better_messages | 6.5 | ||
| 2022-08-23 | CVE-2022-33142 | Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | Better_messages | 6.5 | ||
| 2022-11-18 | CVE-2022-40216 | Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. | Better_messages | 6.5 | ||
| 2025-02-01 | CVE-2024-13612 | The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that... | Better_messages | 5.4 | ||
| 2021-11-01 | CVE-2021-24808 | The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | Better_messages | 6.1 | ||
| 2021-11-01 | CVE-2021-24809 | The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions | Better_messages | 8.8 | ||
| 2022-07-20 | CVE-2022-29454 | Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | Better_messages | 4.3 | ||
| 2022-08-23 | CVE-2022-36389 | Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | Better_messages | 8.8 | ||
| 2022-11-19 | CVE-2022-41609 | Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress. | Better_messages | 8.8 | ||
| 2023-12-14 | CVE-2023-49168 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0. | Better_messages | 5.4 |