Medium 6.1
2026-05-01< 2.7.0
CVE-2024-13362
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages
Minimum safe version
2.10.3
Update to 2.10.3 or later to address 19 fixable vulnerabilities
Latest available2.15.3 ✓
Medium 6.1
2025-12-17< 2.10.3
CVE-2025-14154
Medium 4.8
2025-03-01< 2.7.5
CVE-2024-13697
High 7.5
2025-03-01< 2.7.0
CVE-2024-13611
Medium 6.4
2025-02-03< 2.7.0
WordPress BP Better Messages Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)
Medium 6.3
2024-10-16< 1.9.9.170
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 5.3
2024-05-17< 2.4.33
CVE-2024-32802
Medium 6.5
2023-12-14< 2.4.1
CVE-2023-49168
N/A
2023-07-18< 2.1.21
WordPress BP Better Messages Plugin < 2.1.21 is vulnerable to Cross Site Scripting (XSS)
N/A
2022-03-04< 1.9.9.170
Freemius SDK <= 2.4.2 - Missing Authorization Checks
Medium 4.3
2022-11-18< 1.9.10.71
CVE-2022-40216
Medium 6.4
2022-11-18< 1.9.10.69
CVE-2022-41609
Medium 4.3
2023-01-18< 1.9.9.149
WordPress BP Better Messages Plugin <= 1.9.9.148 is vulnerable to Cross Site Request Forgery (CSRF)
High 7.7
2022-08-23< 1.9.10.58
CVE-2022-33142
Low 3.1
2023-01-18< 1.9.9.149
WordPress BP Better Messages Plugin <= 1.9.9.148 is vulnerable to Cross Site Request Forgery (CSRF)
N/A
2022-02-28< 1.9.9.170
WordPress BP Better Messages plugin < 1.9.9.170 - Sensitive Information Disclosure vulnerability
N/A
2022-02-28< 1.9.9.170
WordPress BP Better Messages plugin < 1.9.9.170 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
High 8.8
2021-11-01< 1.9.9.170
CVE-2021-24809
Medium 6.1
2021-11-01< 1.9.9.170
CVE-2021-24808