Update the WordPress BP Better Messages plugin to the latest available version (at least 220.127.116.11).
Ananda Dhakal discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress BP Better Messages Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information. This vulnerability has been fixed in version 18.104.22.168.
Messaging Block Bypass vulnerability
Denial Of Service (DoS) vulnerability
Toggle The Debug Mode via CrossSite Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability
CrossSite Request Forgery (CSRF) vulnerability