CVE-2024-12220

🗓️ 17 Dec 2024 07:23:15Reported by WordfenceType

Vulnerability in SMS for WooCommerce allows Cross-Site Request Forgery and scripting attacks.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-12220	17 Dec 202407:29	–	circl
CNNVD	WordPress plugin SMS for WooCommerce 跨站请求伪造漏洞	17 Dec 202400:00	–	cnnvd
Cvelist	CVE-2024-12220 SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	17 Dec 202407:23	–	cvelist
EUVD	EUVD-2024-50690	3 Oct 202520:07	–	euvd
NVD	CVE-2024-12220	17 Dec 202408:15	–	nvd
Patchstack	WordPress SMS for WooCommerce plugin <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability	16 Dec 202422:19	–	patchstack
Positive Technologies	PT-2024-17491 · WordPress · Sms For Woocommerce	17 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-12220	23 May 202506:19	–	redhatcve
Vulnrichment	CVE-2024-12220 SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	17 Dec 202407:23	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 16, 2024 to January 5, 2025)	9 Jan 202514:35	–	wordfence

Vulners

Node

theafricanboss sms_for_woocommerceRange≤2.8.1wordpress

[
  {
    "vendor": "theafricanboss",
    "product": "SMS for WooCommerce",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.8.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordpress	www.wordpress.org/plugins/wc-sms/
plugins	www.plugins.trac.wordpress.org/changeset/3207316/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/35707e4e-ca67-43fe-b120-79101ef31155

15 Apr 2026 00:35Current

6Medium risk

Vulners AI Score6

CVSS 3.16.1

EPSS0.00556

SSVC

CWE-352

cve-2024-12220 cross-site request forgery woocommerce vulnerability