5 matches found
CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...
WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin SMS Alert Order Notifications versions = 3.8.8...
CVE-2024-51637 WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through = 1.1.0...
CVE-2024-51637 WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through = 1.1.0...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-70735)
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin, which stems from a cross-site scripting XSS vulnerability in the settings page of the SMS Alert Order Notifications...