Log out
Get PRO

Latest

Input validation vulnerability in Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss 2.7.4

  • Severity: medium-risk
  • Status: Fixed
  • Publication: February 28, 2025

The Better Messages plugin for WordPress, BuddyPress, PeepSo, Ultimate Member, and BuddyBoss is not secure in versions up to 2.7.4. This vulnerability, known as Server-Side Request Forgery, allows attackers to make web requests from the plugin to any location they choose. This can be used to access and change information from internal services. To exploit this vulnerability, the “Enable link previews” option must be turned on (which is usually the default setting).

Detected in:

Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss fixed vulnerable versions: >= * <= 2.7.4

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.