cleantalk
Vulnerabilities and Security Researches

Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss, CVE-2026-42736

CVE, Research URL

CVE-2026-42736

Home page URL

Security reports for Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss

Application

Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss

Published on
May 27, 2026
Research Description
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through <= 2.14.16.
Affected versions
max 2.15.0.
Status
vulnerable
Previous vulnerability researches
Hello Elementor (CVE-2024-31289) , Jun 10, 2024
Envo&#039;s Elementor Templates & Widgets for WooCommerce (CVE-2024-43292) , Aug 20, 2024
Envo&#039;s Elementor Templates & Widgets for WooCommerce (CVE-2024-0766) , Jun 10, 2024
Envo&#039;s Elementor Templates & Widgets for WooCommerce (CVE-2024-35167) , Jun 10, 2024
Envo&#039;s Elementor Templates & Widgets for WooCommerce (CVE-2024-50447) , Oct 27, 2024
New vulnerability
Spectra &#8211; WordPress Gutenberg Blocks (CVE-2026-7465) , May 31, 2026
Contact Form 7 &#8211; PayPal &amp; Stripe Add-on (CVE-2026-9189) , May 30, 2026
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2026-42736) , May 30, 2026
Simple History – user activity log, audit tool (CVE-2026-7459) , May 30, 2026
Eupago Gateway For Woocommerce (CVE-2026-7862) , May 30, 2026