Vulnerabilities > Cozyvision
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-10 | CVE-2025-3876 | Missing Authorization vulnerability in Cozyvision SMS Alert Order Notifications The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. | 8.8 |
| 2025-05-10 | CVE-2025-3878 | Cross-site Scripting vulnerability in Cozyvision SMS Alert Order Notifications The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-03-03 | CVE-2025-26984 | Cross-site Scripting vulnerability in Cozyvision SMS Alert Order Notifications Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows Reflected XSS. | 6.1 |
| 2025-03-03 | CVE-2025-26988 | SQL Injection vulnerability in Cozyvision SMS Alert Order Notifications Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. | 7.5 |
| 2021-09-06 | CVE-2021-24588 | Unspecified vulnerability in Cozyvision SMS Alert Order Notifications The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page. | 6.1 |