Wp Sms Security Vulnerabilities and Issues — Wp Sms CVE List

Lucene search

VeronalabsWp Sms

10 matches found

CVE•added 2024/01/03 6:15 a.m.•81 views

CVE-2023-6981

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa...

6.1CVSS5.7AI score0.00346EPSS

CVE•added 2024/03/29 5:15 p.m.•76 views

CVE-2024-30454

Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2.

8.8CVSS5AI score0.00171EPSS

CVE•added 2024/01/03 6:15 a.m.•75 views

CVE-2023-6980

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers p...

4.3CVSS4.5AI score0.00088EPSS

CVE•added 2024/03/27 6:15 a.m.•70 views

CVE-2024-25920

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4.

6.5CVSS6.4AI score0.0012EPSS

CVE•added 2024/02/08 12:15 p.m.•64 views

CVE-2024-24881

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommer...

7.1CVSS7.6AI score0.00125EPSS

CVE•added 2024/08/22 12:15 p.m.•50 views

CVE-2024-43331

Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3.

9.8CVSS5.4AI score0.00229EPSS

CVE•added 2023/12/28 11:15 a.m.•49 views

CVE-2023-27447

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4.

7.5CVSS7.5AI score0.00282EPSS

CVE•added 2024/05/14 3:39 p.m.•38 views

CVE-2024-34811

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.5.1.

5.9CVSS6.6AI score0.00162EPSS

CVE•added 2021/08/23 12:15 p.m.•33 views

CVE-2021-24561

The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue

5.4CVSS5.3AI score0.00202EPSS

CVE•added 2023/08/30 12:15 p.m.•30 views

CVE-2023-32742

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS plugin

7.1CVSS6AI score0.0007EPSS