The Better Messages plugin for WordPress, BuddyPress, PeepSo, Ultimate Member, and BuddyBoss is not secure. It is possible for hackers with contributor-level access or higher to insert harmful code that will run when a user visits a certain page. This vulnerability exists in all versions of the plugin up to 2.6.9.