EUVD-2024-22244

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Cross-site Scripting vulnerability in WP SMS allows Reflected XSS affecting versions up to 6.5.2

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-24881	8 Feb 202413:22	–	circl
CNNVD	WordPress Plugin WP SMS Cross-Site Scripting Vulnerability	8 Feb 202400:00	–	cnnvd
CVE	CVE-2024-24881	8 Feb 202411:19	–	cve
Cvelist	CVE-2024-24881 WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS)	8 Feb 202411:19	–	cvelist
NVD	CVE-2024-24881	8 Feb 202412:15	–	nvd
OSV	CVE-2024-24881	8 Feb 202412:15	–	osv
Patchstack	WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS)	5 Feb 202400:00	–	patchstack
Prion	Cross site scripting	8 Feb 202412:15	–	prion
Positive Technologies	PT-2024-20637 · Veronalabs · Veronalabs Wp Sms	8 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-24881	5 Feb 202502:25	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "fb2ef05e-cf87-317f-ac32-45379850b8f7",
        "vendor": {
          "name": "VeronaLabs"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "336af3d6-025f-3574-85bb-cdb671fbfac9",
        "product": {
          "name": "WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc"
        },
        "product_version": "n/a ≤6.5.2"
      },
      {
        "id": "8a8741b7-97d2-3765-8c82-2e45706b58d2",
        "product": {
          "name": "WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc"
        }
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-5-2-reflected-cross-site-scripting-xss-vulnerability

03 Oct 2025 20:07Current

7.5High risk

Vulners AI Score7.5

CVSS 3.16.1 - 7.1

EPSS0.00125

SSVC