4 matches found
CVE-2023-6981
CVE-2023-6981 concerns the WP SMS – Messaging & SMS Notification for WordPress plugin. The vulnerability is an SQL Injection via the group_id parameter in all versions up to and including 6.5, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Exploitation ...
CVE-2023-6981 WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'groupid' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2023-6981 WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'groupid' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress WP SMS Plugin <= 6.5 is vulnerable to SQL Injection
Software WP SMS Type Plugin Vulnerable versions = 6.5 Fixed in 6.5.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6981 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0cdcc4de6b6a Credits Krzysztof Zając Required privilege Administrator Published 3...