CVE-2026-4984

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs 'MediaUrlN' parameters using HTTP requests that include the integration's Twilio credentials in the 'Authorization'...

CVE-2026-4984

CVE-2026-4984 affects Botpress’s Twilio integration webhook handler. The vulnerability arises because the webhook accepts POST requests without validating Twilio’s X-Twilio-Signature, and when processing media messages it fetches user-controlled URLs (MediaUrlN) via HTTP requests that include the...

EUVD-2022-51385

Malicious code in bioql PyPI...

CVE-2022-4004

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...

CVE-2022-4004 Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...

CVE-2022-4004 Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...

CVE-2022-4004

Affected software: Donation Button WordPress plugin, versions through 4.0.0. Vulnerability: the AJAX action donation_button_twilio_send_test_sms does not properly enforce privileges or nonce checks. Impact: any logged-in user on the site (e.g., subscribers) could use the plugin’s Twilio integrati...

PT-2022-25172 · Twilio · Twilio

Name of the Vulnerable Software and Affected Versions: Donation Button WordPress plugin versions through 4.0.0 Description: The issue concerns a lack of proper privilege and nonce token checks in the donation button twilio send test sms AJAX action. This may allow users with an account on the...

Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The plugin does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers. PoC While...