5 matches found
WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via saverify Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin SMS Alert Order Notifications versions = 3.8.1...
CVE-2025-3878
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's saverify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-3878
creationtimestamp| type| source ---|---|--- 2025-05-10 11:26:50+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15889 2025-05-10 13:01:52+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3losug7u336h2 2025-05-10 14:37:15+00:00| seen|...
CVE-2025-3878
CVE-2025-3878 | SMS Alert Order Notifications – WooCommerce (WordPress) is vulnerable to Stored Cross-Site Scripting via the plugin’s sa_verify shortcode in all versions up to 3.8.1 due to insufficient input sanitization and output escaping of user-supplied attributes. The vulnerability can be ex...
CVE-2025-3878 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's saverify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...