Vulnerabilities > Wordplus > Better Messages > 1.9.9.132
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-01 | CVE-2024-13612 | Cross-site Scripting vulnerability in Wordplus Better Messages The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-12-14 | CVE-2023-49168 | Unspecified vulnerability in Wordplus Better Messages Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0. | 5.4 |
| 2022-11-19 | CVE-2022-41609 | Server-Side Request Forgery (SSRF) vulnerability in Wordplus Better Messages Auth. | 8.8 |
| 2022-11-18 | CVE-2022-40216 | Unspecified vulnerability in Wordplus Better Messages Auth. | 6.5 |
| 2022-08-23 | CVE-2022-33142 | Unspecified vulnerability in Wordplus Better Messages Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | 6.5 |
| 2022-08-23 | CVE-2022-36389 | Unspecified vulnerability in Wordplus Better Messages Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | 8.8 |
| 2022-07-20 | CVE-2022-29454 | Unspecified vulnerability in Wordplus Better Messages Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. | 4.3 |