Vulnerabilities > Wordplus

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-49168 Cross-site Scripting vulnerability in Wordplus Better Messages
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0.
network
low complexity
wordplus CWE-79
5.4
2022-11-19 CVE-2022-41609 Server-Side Request Forgery (SSRF) vulnerability in Wordplus Better Messages
Auth.
network
low complexity
wordplus CWE-918
8.8
2022-11-18 CVE-2022-40216 Unspecified vulnerability in Wordplus Better Messages
Auth.
network
low complexity
wordplus
6.5
2022-08-23 CVE-2022-33142 Unspecified vulnerability in Wordplus Better Messages
Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress.
network
low complexity
wordplus
6.5
2021-11-01 CVE-2021-24808 Cross-site Scripting vulnerability in Wordplus Better Messages
The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
network
wordplus CWE-79
4.3
2021-11-01 CVE-2021-24809 Cross-Site Request Forgery (CSRF) vulnerability in Wordplus Better Messages
The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread.
network
wordplus CWE-352
6.8