Ghostwire
Home / Vulnerabilities / CVE-2026-42736

CVE-2026-42736: Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows...

HIGH CVSS 7.5

Published: May 27, 2026 | Last Modified: May 27, 2026

Description

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through <= 2.14.16.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

CVE Feed
CVE-2026-42736 - WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability

References