Vulnerabilities > Wordplus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-19 | CVE-2022-41609 | Server-Side Request Forgery (SSRF) vulnerability in Wordplus Better Messages Auth. | 8.8 |
| 2022-08-23 | CVE-2022-36389 | Unspecified vulnerability in Wordplus Better Messages Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | 8.8 |
| 2021-11-01 | CVE-2021-24809 | Cross-Site Request Forgery (CSRF) vulnerability in Wordplus Better Messages The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. | 8.8 |