CVE Catalog

CVE-2026-42736

High
Published: Translated: NVD NIST

Summary

CVE-2026-42736 describes an authorization bypass vulnerability through a user-controlled key in the BP Better Messages plugin. This issue affects versions from n/a through 2.14.16 inclusive.

Risk Assessment

Organizations may be exposed to unauthorized access to plugin features, potentially leading to data leaks or unauthorized user actions.

Recommendation

It is recommended to update the BP Better Messages plugin to the latest version to mitigate this vulnerability and improve access control configuration.

Original NVD description (English source)

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through <= 2.14.16.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS