Lucene search
K

4 matches found

CVE
CVE
added 2024/01/03 5:31 a.m.98 views

CVE-2023-6981

CVE-2023-6981 concerns the WP SMS – Messaging & SMS Notification for WordPress plugin. The vulnerability is an SQL Injection via the group_id parameter in all versions up to and including 6.5, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Exploitation ...

6.1CVSS5.7AI score0.00414EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/03 5:31 a.m.8 views

CVE-2023-6981 WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'groupid' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.1CVSS6.7AI score0.00414EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/03 5:31 a.m.34 views

CVE-2023-6981 WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'groupid' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.1CVSS6.6AI score0.00414EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/01/03 12:0 a.m.19 views

WordPress WP SMS Plugin <= 6.5 is vulnerable to SQL Injection

Software WP SMS Type Plugin Vulnerable versions = 6.5 Fixed in 6.5.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6981 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0cdcc4de6b6a Credits Krzysztof Zając Required privilege Administrator Published 3...

6.1CVSS6.9AI score0.00414EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder