PT-2025-51814 · WordPress · Better Messages – Live Chat For Wordpress
D.Sim
·
Published
2025-12-17
·
Updated
2025-12-17
·
CVE-2025-14154
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress versions up to and including 2.10.2
Description
The software is susceptible to a Stored Cross-Site Scripting issue due to inadequate input sanitization and output escaping. Specifically, the guest display name field is not properly validated, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts will execute when a user accesses an injected page.
Recommendations
Update The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress to a version later than 2.10.2.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Better Messages – Live Chat For Wordpress