HarborGuard / CVE
Back to search
HIGHCVE-2026-42736Published Modified CNA Patchstack

CVE-2026-42736: WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through <= 2.14.16.

Metrics

CVSS v3.1
7.5
Severity
HIGH
Fixed in
Affected Products
1
Affected packages
  • wordplus / BP Better Messages
    ≤ 2.14.16
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References