Cross-Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan in WordPress BP Better Messages plugin (versions <= 1.9.9.37).
Update the WordPress BP Better Messages plugin to the latest available version (or at least to the version 1.9.9.41).