Update the WordPress BP Better Messages plugin to the latest available version (at least 1.9.10.58).
Ananda Dhakal discovered and reported this Denial of Service Attack vulnerability in WordPress BP Better Messages Plugin. A denial of service attack occurs when a malicious actor can cause the endpoint, or website, to crash or refuse to serve requests to one or more users by causing it to hang, crash or make unusable. This vulnerability has been fixed in version 1.9.10.58.