A cybersecurity firm says it has identified flaws in the popular messaging app WhatsApp that could allow hackers to manipulate messages in both public and private conversations, raising the prospect of misinformation being spread by what appears to be trusted sources.

Check Point Software Technologies Ltd., an Israeli company that provides security for computer networks, said its researchers found three potential ways to alter conversations. One uses the “quote” feature in a group conversation to change the appearance of the identity of a sender. Another lets a hacker change the text of someone else’s reply. And the other, which has...