cleantalk
Vulnerabilities and Security Researches

Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss, CVE-2021-24809

CVE, Research URL

CVE-2021-24809

Home page URL

Security reports for Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss

Application

Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss

Published on
Nov 01, 2021
Research Description
The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions
Affected versions
max 1.9.9.170.
Status
vulnerable
Previous vulnerability researches
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2024-13362) , May 02, 2026
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2025-14154) , Jan 10, 2026
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2024-13697) , Mar 03, 2025
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2024-13611) , Mar 03, 2025
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2021-24809) , Jun 06, 2024
New vulnerability
Login with phone number (CVE-2026-3655) , May 31, 2026
Spectra – WordPress Gutenberg Blocks (CVE-2026-7465) , May 31, 2026
Contact Form 7 – PayPal & Stripe Add-on (CVE-2026-9189) , May 30, 2026
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2026-42736) , May 30, 2026
Simple History – user activity log, audit tool (CVE-2026-7459) , May 30, 2026