CVE-2024-13697

Medium CVSS: 4.8

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nice_links'. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Successful exploitation requires the "Enable link previews" to be enabled (default).

Vendor

Wordplus

Product

Better Messages

CWE

CWE-918

Yayın Tarihi

2025-03-01 09:15:09

Güncelleme

2025-05-26 01:24:15

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-918 Better Messages MEDIUM Wordplus 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3243180/bp-better-messages https://www.wordfence.com/threat-intel/vulnerabilities/id/b67710d7-976b-4a65-bad3-091a97aceb00?source=cve