Lucene search
K
VeronalabsWp Sms

10 matches found

CVE
CVE
added 2024/03/29 4:30 p.m.108 views

CVE-2024-30454

CVE-2024-30454 is a CSRF vulnerability reported for VeronaLabs WP SMS. The connected Red Hat entry confirms the issue description and states the vulnerability affects WP SMS versions up to 6.6.2 (no details on fixed/patched version are provided in the documents). The initial description also note...

8.8CVSS8.6AI score0.00241EPSS
CVE
CVE
added 2024/01/03 5:31 a.m.98 views

CVE-2023-6981

CVE-2023-6981 concerns the WP SMS – Messaging & SMS Notification for WordPress plugin. The vulnerability is an SQL Injection via the group_id parameter in all versions up to and including 6.5, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Exploitation ...

6.1CVSS5.7AI score0.00414EPSS
CVE
CVE
added 2024/01/03 5:31 a.m.90 views

CVE-2023-6980

WP SMS – Messaging & SMS Notification for WordPress plugin (WordPress, WooCommerce, GravityForms, etc.) up to version 6.5 is affected by Cross-Site Request Forgery due to missing/incorrect nonce validation on the delete action of the wp-sms-subscribers page. This allows unauthenticated attackers ...

4.3CVSS4.5AI score0.00248EPSS
CVE
CVE
added 2024/03/27 5:45 a.m.88 views

CVE-2024-25920

CVE-2024-25920 concerns the WP SMS WordPress plugin (versions up to 6.3.4). The vulnerability is a Stored XSS caused by insufficient sanitization and output escaping of shortcode attributes, enabling authenticated users (Contributor+ level) to inject scripts that execute on page load. Impact is s...

6.5CVSS8.6AI score0.00317EPSS
CVE
CVE
added 2024/02/08 11:19 a.m.80 views

CVE-2024-24881

CVE-2024-24881 is a Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. Affected versions are n/a through 6.5.2; root cause is improper input neutralization during web page generation, enabling reflected XSS. ...

7.1CVSS7.6AI score0.00375EPSS
CVE
CVE
added 2023/12/28 10:53 a.m.74 views

CVE-2023-27447

CVE-2023-27447 affects VeronaLabs WP SMS – Messaging & SMS Notification for WordPress (WordPress WP SMS Plugin) up to version 6.0.4. The issue exposes sensitive information to an unauthenticated actor (information disclosure). Patch availability: fixed in 6.0.4.1; recommended action: update to a ...

7.5CVSS7.7AI score0.00536EPSS
CVE
CVE
added 2024/08/22 11:29 a.m.66 views

CVE-2024-43331

CVE-2024-43331 is a Missing Authorization vulnerability affecting WP SMS (VeronaLabs) for WordPress. Public records indicate impact on WP SMS versions up to 6.9.3. Red Hat and Wordfence entries corroborate Missing Authorization exposure for WP SMS, with patched status noted in Wordfence (patched ...

9.8CVSS5.4AI score0.00365EPSS
CVE
CVE
added 2024/05/13 8:36 a.m.51 views

CVE-2024-34811

CVE-2024-34811 is an Improper Neutralization of Input During Web Page Generation (Stored XSS) in VeronaLabs WP SMS. Affected: WP SMS up to v6.5.1. Root cause: input is not properly sanitized during page generation. Impact: stored cross-site scripting vulnerability. Remediation: patched in public ...

5.9CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2021/08/23 11:10 a.m.48 views

CVE-2021-24561

The CVE-2021-24561 entry concerns the WP SMS WordPress plugin (versions prior to 5.4.13). The vulnerability is an Authenticated Stored Cross-Site Scripting issue caused by the plugin failing to sanitize the wp_group_name parameter when rendering the Groups page. Impact per sources is stored XSS w...

5.4CVSS5.3AI score0.00671EPSS
CVE
CVE
added 2023/08/30 11:8 a.m.42 views

CVE-2023-32742

CVE-2023-32742 : Unauthenticated reflected XSS in VeronaLabs WP SMS plugin

7.1CVSS6AI score0.00396EPSS