CVE-2024-13611 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposu…
High CVSS: 7.5

CVE-2024-13611

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages.
Vendor
Wordplus
Product
Better Messages
CWE
CWE-200
Yayın Tarihi
2025-03-01 09:15:09
Güncelleme
2025-05-26 01:26:51
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-200 Better Messages HIGH Wordplus 2025

Referanslar

https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/addons/files.php https://plugins.trac.wordpress.org/changeset/3228957/ https://www.wordfence.com/threat-intel/vulnerabilities/id/997918b9-2ccd-413e-9df2-d24bc3820ba1?source=cve