Vulnerabilities > Veronalabs

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-24881 Cross-site Scripting vulnerability in Veronalabs WP SMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.
network
low complexity
veronalabs CWE-79
6.1
2024-01-03 CVE-2023-6980 Cross-site Scripting vulnerability in Veronalabs WP SMS
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.
network
low complexity
veronalabs CWE-79
4.3
2024-01-03 CVE-2023-6981 SQL Injection vulnerability in Veronalabs WP SMS
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
veronalabs CWE-89
4.9
2023-12-28 CVE-2023-27447 Information Exposure vulnerability in Veronalabs WP SMS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4.
network
low complexity
veronalabs CWE-200
7.5
2023-08-30 CVE-2023-32742 Cross-site Scripting vulnerability in Veronalabs WP SMS
Unauth.
network
low complexity
veronalabs CWE-79
6.1
2023-03-27 CVE-2023-0955 Unspecified vulnerability in Veronalabs WP Statistics
The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks.
network
low complexity
veronalabs
8.8
2023-03-13 CVE-2022-38074 SQL Injection vulnerability in Veronalabs WP Statistics
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
network
low complexity
veronalabs CWE-89
8.8
2023-03-07 CVE-2021-4333 Unspecified vulnerability in Veronalabs WP Statistics
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1.
network
low complexity
veronalabs
6.5
2023-01-23 CVE-2022-4230 SQL Injection vulnerability in Veronalabs WP Statistics
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks.
network
low complexity
veronalabs CWE-89
8.8
2022-06-13 CVE-2022-27231 Cross-site Scripting vulnerability in Veronalabs WP Statistics
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter.
network
veronalabs CWE-79
4.3