Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.7 views

CVE-2024-1489

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...

4.3CVSS4.3AI score0.00239EPSS
Exploits0References1
OSV
OSV
added 2025/05/12 7:15 p.m.5 views

CVE-2025-47682

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce allows SQL Injection.This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.8.2...

9.8CVSS5.8AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/12 6:19 p.m.15 views

CVE-2025-47682 WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.8.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.8.1...

9.3CVSS8.9AI score0.00322EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/12 1:23 p.m.9 views

WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via saverify Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin SMS Alert Order Notifications versions = 3.8.1...

6.4CVSS6.3AI score0.00231EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/05/10 12:15 p.m.5 views

CVE-2025-3878

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's saverify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.9AI score0.00231EPSS
Exploits0References4
CVE
CVE
added 2025/05/10 11:22 a.m.73 views

CVE-2025-3876

CVE-2025-3876 affects SMS Alert Order Notifications – WooCommerce (WordPress). The vulnerability is a Privilege Escalation due to insufficient OTP validation in handleWpLoginCreateUserAction(), affecting all versions up to 3.8.1. Authenticated users with Subscriber+ access can impersonate other a...

8.8CVSS8.6AI score0.00387EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/10 11:22 a.m.10 views

CVE-2025-3876 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with...

8.8CVSS6.7AI score0.00387EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/05/10 12:0 a.m.8 views

PT-2025-20621 · WordPress · Sms Alert Order Notifications

Name of the Vulnerable Software and Affected Versions: SMS Alert Order Notifications – WooCommerce plugin for WordPress versions up to, and including, 3.8.1 Description: The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient...

8.8CVSS8.7AI score0.00387EPSS
Exploits0References15
NVD
NVD
added 2025/03/03 2:15 p.m.18 views

CVE-2025-26988

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.7.8...

9.3CVSS0.00479EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 1:30 p.m.24 views

CVE-2025-26988 WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.7.8...

9.3CVSS0.00479EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.4 views

PT-2024-16130 · WordPress · Sms Alert Order Notifications

Name of the Vulnerable Software and Affected Versions: SMS Alert Order Notifications – WooCommerce plugin for WordPress versions up to, and including, 3.7.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sa subscribe shortcode due to insufficient input...

6.4CVSS5.7AI score0.00333EPSS
Exploits0References10
Rows per page
Query Builder