Update the WordPress BP Better Messages plugin to the latest available version (at least 1.9.10.69).
Ananda Dhakal discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress BP Better Messages Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information. This vulnerability has been fixed in version 1.9.10.69.
Messaging Block Bypass vulnerability
09.11.2022
Denial Of Service (DoS) vulnerability
22.08.2022
Toggle The Debug Mode via CrossSite Request Forgery (CSRF) vulnerability
28.02.2022
Sensitive Information Disclosure vulnerability
28.02.2022
CrossSite Request Forgery (CSRF) vulnerability
18.01.2022