cleantalk
Vulnerabilities and Security Researches

Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss, CVE-2026-42736

CVE, Research URL

CVE-2026-42736

Home page URL

Security reports for Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss

Application

Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss

Published on
May 27, 2026
Research Description
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through <= 2.14.16.
Affected versions
max 2.15.0.
Status
vulnerable
Previous vulnerability researches
GutenBee &#8211; Gutenberg Blocks (CVE-2025-8566) , Oct 11, 2025
GutenBee &#8211; Gutenberg Blocks (CVE-2026-9227) , May 30, 2026
New vulnerability
Contact Form 7 &#8211; PayPal &amp; Stripe Add-on (CVE-2026-9189) , May 30, 2026
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2026-42736) , May 30, 2026
Simple History – user activity log, audit tool (CVE-2026-7459) , May 30, 2026
Eupago Gateway For Woocommerce (CVE-2026-7862) , May 30, 2026
Simple Divi Shortcode (CVE-2026-9714) , May 30, 2026