The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
5.4CVSS
5.3AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS β Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS β Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4.
7.5CVSS
7.5AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS plugin <= 6.1.4 versions.
7.1CVSS
6AI Score
0.001EPSS
The WP SMS β Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers p...
4.3CVSS
4.5AI Score
0.007EPSS
The WP SMS β Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa...
6.1CVSS
5.7AI Score
0.007EPSS