10 matches found
CVE-2024-30454
CVE-2024-30454 is a CSRF vulnerability reported for VeronaLabs WP SMS. The connected Red Hat entry confirms the issue description and states the vulnerability affects WP SMS versions up to 6.6.2 (no details on fixed/patched version are provided in the documents). The initial description also note...
CVE-2023-6981
CVE-2023-6981 concerns the WP SMS – Messaging & SMS Notification for WordPress plugin. The vulnerability is an SQL Injection via the group_id parameter in all versions up to and including 6.5, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Exploitation ...
CVE-2023-6980
WP SMS – Messaging & SMS Notification for WordPress plugin (WordPress, WooCommerce, GravityForms, etc.) up to version 6.5 is affected by Cross-Site Request Forgery due to missing/incorrect nonce validation on the delete action of the wp-sms-subscribers page. This allows unauthenticated attackers ...
CVE-2024-25920
CVE-2024-25920 concerns the WP SMS WordPress plugin (versions up to 6.3.4). The vulnerability is a Stored XSS caused by insufficient sanitization and output escaping of shortcode attributes, enabling authenticated users (Contributor+ level) to inject scripts that execute on page load. Impact is s...
CVE-2024-24881
CVE-2024-24881 is a Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. Affected versions are n/a through 6.5.2; root cause is improper input neutralization during web page generation, enabling reflected XSS. ...
CVE-2023-27447
CVE-2023-27447 affects VeronaLabs WP SMS – Messaging & SMS Notification for WordPress (WordPress WP SMS Plugin) up to version 6.0.4. The issue exposes sensitive information to an unauthenticated actor (information disclosure). Patch availability: fixed in 6.0.4.1; recommended action: update to a ...
CVE-2024-43331
CVE-2024-43331 is a Missing Authorization vulnerability affecting WP SMS (VeronaLabs) for WordPress. Public records indicate impact on WP SMS versions up to 6.9.3. Red Hat and Wordfence entries corroborate Missing Authorization exposure for WP SMS, with patched status noted in Wordfence (patched ...
CVE-2024-34811
CVE-2024-34811 is an Improper Neutralization of Input During Web Page Generation (Stored XSS) in VeronaLabs WP SMS. Affected: WP SMS up to v6.5.1. Root cause: input is not properly sanitized during page generation. Impact: stored cross-site scripting vulnerability. Remediation: patched in public ...
CVE-2021-24561
The CVE-2021-24561 entry concerns the WP SMS WordPress plugin (versions prior to 5.4.13). The vulnerability is an Authenticated Stored Cross-Site Scripting issue caused by the plugin failing to sanitize the wp_group_name parameter when rendering the Groups page. Impact per sources is stored XSS w...
CVE-2023-32742
CVE-2023-32742 : Unauthenticated reflected XSS in VeronaLabs WP SMS plugin