CVE-2022-41609: WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability - Patchstack

Verified

Fixed

6.4

CVSS 3.1 score Medium severity

Report

Monitoring Not reported to be exploited

Vulnerable versions

<= 1.9.10.68

PSID

c9e94d9d83d9

Classification

Server Side Request Forgery (SSRF)

OWASP Top 10

A6: Security Misconfiguration

Required privilege

Requires subscriber or higher role user authentication.

Publicly disclosed

2022-10-21

Details

Server-Side Request Forgery (SSRF) vulnerability discovered by Dhakal Ananda (Patchstack Alliance) in WordPress Better Messages plugin (versions <= 1.9.10.68).

Solution

Update the WordPress BP Better Messages plugin to the latest available version (at least 1.9.10.69).

References