CVE-2023-6981

🗓️ 03 Jan 2024 06:47:15Reported by [email protected]Type

The WP SMS plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter, allowing authenticated attackers to append additional SQL queries, possibly leading to Reflected Cross-site Scripting

Reporter	Title	Published	Views	Family All 7
CVE	CVE-2023-6981	3 Jan 202406:15	–	cve
Patchstack	WordPress WP SMS Plugin <= 6.5 is vulnerable to SQL Injection	3 Jan 202400:00	–	patchstack
Cvelist	CVE-2023-6981	3 Jan 202405:31	–	cvelist
OSV	CVE-2023-6981	3 Jan 202406:15	–	osv
WPVulnDB	WP SMS < 6.5.1 - Contributor+ SQLi to Reflected XSS	3 Jan 202400:00	–	wpvulndb
Prion	Cross site scripting	3 Jan 202406:15	–	prion
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2024 to January 7, 2024)	11 Jan 202416:24	–	wordfence

Nvd

Node

veronalabs wp_smsRange<6.5.1freewordpress

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/b8f53053-5150-4fba-b8d6-3d6c9df32c69
github	www.github.com/wp-sms/wp-sms/commit/6656de201efe67c7983102c344a546eed976a819

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Jan 2024 06:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS34.9

EPSS0.002

CWE-89