| CVE-2026-3739 | suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication | suitenumerique | messages | Medium | 6.3 | 2026-03-08 14:02:10 | Deep Dive |
| CVE-2025-14154 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.10.2 - Unauthenticated Stored Cross-Site Scripting | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 6.1 | 2025-12-17 05:24:55 | Deep Dive |
| CVE-2025-13389 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 5.3 | 2025-11-25 07:28:22 | Deep Dive |
| CVE-2025-13452 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 4.3 | 2025-11-25 07:28:20 | Deep Dive |
| CVE-2025-62903 | WordPress WPC Smart Messages for WooCommerce plugin <= 4.2.8 - Cross Site Scripting (XSS) vulnerability | WPClever | WPC Smart Messages for WooCommerce | Medium | 6.5 | 2025-10-27 01:33:51 | Deep Dive |
| CVE-2025-10162 | OrderConvo < 14 - Unauthenticated Arbitrary File Read | Unknown | Admin and Customer Messages After Order for WooCommerce: OrderConvo | - | - | 2025-10-07 06:00:05 | Deep Dive |
| CVE-2025-60171 | WordPress Conditional Cart Messages for WooCommerce – YourPlugins.com Plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) Vulnerability | yourplugins | Conditional Cart Messages for WooCommerce – YourPlugins.com | High | 7.1 | 2025-09-26 08:32:07 | Deep Dive |
| CVE-2025-43839 | WordPress BP Messages Tool plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability | shanebp | BP Messages Tool | High | 7.1 | 2025-05-19 18:16:27 | Deep Dive |
| CVE-2024-13697 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 4.8 | 2025-03-01 08:23:21 | Deep Dive |
| CVE-2024-13611 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | High | 7.5 | 2025-03-01 08:23:20 | Deep Dive |
| CVE-2025-24660 | WordPress Simple Membership Custom Messages Plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability | wp.insider | Simple Membership Custom Messages | High | 7.1 | 2025-02-03 14:22:49 | Deep Dive |
| CVE-2024-13612 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wordplus | Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | Medium | 6.4 | 2025-02-01 12:21:31 | Deep Dive |
| CVE-2024-13222 | User Messages <= 1.2.4 - Reflected XSS | Unknown | User Messages | 中危 | - | 2025-01-31 06:00:16 | Deep Dive |
| CVE-2025-22322 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Reflected Cross Site Scripting (XSS) vulnerability | DeluxeThemes | Private Messages for UserPro | High | 7.1 | 2025-01-21 13:40:35 | Deep Dive |
| CVE-2025-22311 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability | DeluxeThemes | Private Messages for UserPro | High | 7.5 | 2025-01-21 13:40:34 | Deep Dive |
| CVE-2024-13355 | Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 5.4 | 2025-01-16 09:39:14 | Deep Dive |
| CVE-2024-11374 | TWChat – Send or receive messages from users <= 4.0.4 - Reflected Cross-Site Scripting | rezaplus | TWChat – Send or receive messages from users | Medium | 6.1 | 2024-12-07 09:27:04 | Deep Dive |
| CVE-2024-10436 | WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion | wpclever | WPC Smart Messages for WooCommerce | High | 8.8 | 2024-10-29 09:31:30 | Deep Dive |
| CVE-2024-10437 | WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation | wpclever | WPC Smart Messages for WooCommerce | Medium | 4.3 | 2024-10-29 09:31:30 | Deep Dive |
| CVE-2024-49235 | WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability | videowhisper | Contact Forms, Live Support, CRM, Video Messages | - | - | 2024-10-17 17:24:18 | Deep Dive |