PT-2025-9167 · WordPress · The Better Messages – Live Chat

Tim Coen

Published

2025-03-01

Updated

2025-03-06

CVE-2024-13611

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions The Better Messages – Live Chat for WordPress plugin versions up to and including 2.6.9

Description The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory, which can contain file attachments included in chat messages. This is possible due to sensitive information exposure in the bp-better-messages directory.

Recommendations For versions up to and including 2.6.9, update to a version higher than 2.6.9 to resolve the issue. As a temporary workaround, consider restricting access to the /wp-content/uploads/bp-better-messages directory to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2024-13611

Affected Products

The Better Messages – Live Chat

PT-2025-9167 · WordPress · The Better Messages – Live Chat

CVE-2024-13611

Weakness Enumeration

Related Identifiers

Affected Products

References · 12