Vulnerabilities > Cozyvision > SMS Alert Order Notifications > 3.7.3

DATE CVE VULNERABILITY TITLE RISK
2025-05-10 CVE-2025-3876 Missing Authorization vulnerability in Cozyvision SMS Alert Order Notifications
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1.
network
low complexity
cozyvision CWE-862
8.8
8.8
2025-05-10 CVE-2025-3878 Cross-site Scripting vulnerability in Cozyvision SMS Alert Order Notifications
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
cozyvision CWE-79
5.4
5.4
2025-04-01 CVE-2024-13553 Authentication Bypass Using an Alternate Path or Channel vulnerability in Cozyvision SMS Alert Order Notifications
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9.
network
low complexity
cozyvision CWE-288
critical
 9.8
9.8