Stored Cross-Site Scripting Vulnerability in Better Messages Plugin for WordPress
CVE-2025-14154
6.1MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 17 December 2025
What is CVE-2025-14154?
The Better Messages plugin for WordPress, used for live chat integrations and social platform functionalities, is susceptible to Stored Cross-Site Scripting (XSS). This vulnerability arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject malicious web scripts through the guest display name feature. Consequently, when users visit the affected pages, these scripts execute, posing significant security risks to user data and site integrity.
Affected Version(s)
Better Messages β Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss * <= 2.10.2