Update the WordPress BP Better Messages plugin to the latest available version (at least 220.127.116.11).
Ananda Dhakal discovered and reported this Denial of Service Attack vulnerability in WordPress BP Better Messages Plugin. A denial of service attack occurs when a malicious actor can cause the endpoint, or website, to crash or refuse to serve requests to one or more users by causing it to hang, crash or make unusable. This vulnerability has been fixed in version 18.104.22.168.
Messaging Block Bypass vulnerability
ServerSide Request Forgery (SSRF) vulnerability
Toggle The Debug Mode via CrossSite Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability
CrossSite Request Forgery (CSRF) vulnerability