A popular plugin for WordPress, BuddyPress, PeepSo, Ultimate Member, and BuddyBoss, called “Better Messages – Live Chat,” has a security vulnerability. This means that anyone who doesn’t have an account can access private information that is stored in a specific directory. This information includes any files that were attached to chat messages. The vulnerability is present in all versions up to 2.6.9.