Vulnerabilities > Cozyvision > SMS Alert Order Notifications > 3.4.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-10 | CVE-2025-3876 | Missing Authorization vulnerability in Cozyvision SMS Alert Order Notifications The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. | 8.8 |
| 2025-05-10 | CVE-2025-3878 | Cross-site Scripting vulnerability in Cozyvision SMS Alert Order Notifications The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-04-01 | CVE-2024-13553 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Cozyvision SMS Alert Order Notifications The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. | 9.8 |
| 2025-03-03 | CVE-2025-26984 | Cross-site Scripting vulnerability in Cozyvision SMS Alert Order Notifications Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows Reflected XSS. | 6.1 |
| 2025-03-03 | CVE-2025-26988 | SQL Injection vulnerability in Cozyvision SMS Alert Order Notifications Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. | 7.5 |