CVE-2022-40216 Auth

This plugin is used to send messages to a group of people. It provides a simple and effective way to send messages to your subscribers or customers. While installing or updating this plugin, it is recommended to keep the default settings of the plugin. However, if you want to customize the look and feel of the plugin or want to send different messages to different groups of people, you can change these settings. By default, Better Messages plugin uses the wp_mail() function to send emails.

An attacker can send emails with malicious content to the subscribers. These malicious emails may contain malicious links or attachments. These links redirect the victim's browser to a different site, which may have malicious code. Therefore, the malicious emails can be used to install a hacker's code on a victim's WordPress website. This can be used by the hacker to steal data or collect information.

Installing Better Messages Plugin

Install the plugin and activate it. Test the plugin by sending an email to your existing email address.

Vulnerability discovered and patch provided by WordPress core team

A vulnerability was discovered on the Better Messages plugin. The vulnerability is related to the function wp_mail(). If a hacker sends an email with malicious content, this plugin will execute these malicious instructions in the victim's browser. This vulnerability was patched by WordPress core team and it is recommended that you update your Better Messages plugin to the latest version.

How to Install Better Messages Plugin?

- Unzip the file and upload all of the files to your server.
- Activate the plugin by using a plugin activation tool like "Plugins > Add New" in WordPress.
- Go to Settings > Better Messages and configure it according to your needs.
- When you are done with configuration, save changes.

How Does Better Messages plugin send emails?

Better Messages plugin sends emails by using the wp_mail() function. This function uses the mailto: link to deliver the email to your subscribers. If you want to change this function, you can easily do it by updating the plugin settings.
In general, we advise keeping Better Messages plugin with the default settings and not changing anything else in your WordPress website.

Timeline

Published on: 11/18/2022 23:15:00 UTC
Last modified on: 11/23/2022 19:33:00 UTC

References

• https://wordpress.org/plugins/bp-better-messages/#developers
• https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-better-messages-plugin-1-9-10-69-messaging-block-bypass-vulnerability?_s_id=cve
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40216