Vulnerabilities > Wordplus > Better Messages > 2.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-01 | CVE-2024-13611 | Information Exposure vulnerability in Wordplus Better Messages The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. | 7.5 |
| 2025-03-01 | CVE-2024-13697 | Server-Side Request Forgery (SSRF) vulnerability in Wordplus Better Messages The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nice_links'. | 6.5 |
| 2025-02-01 | CVE-2024-13612 | Cross-site Scripting vulnerability in Wordplus Better Messages The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |