5.6.6

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-22	CVE-2024-43331	Unspecified vulnerability in Veronalabs WP SMS Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3. network low complexity veronalabs critical	9.8
2024-05-14	CVE-2024-34811	Unspecified vulnerability in Veronalabs WP SMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.5.1. network low complexity veronalabs	4.8
2024-03-29	CVE-2024-30454	Unspecified vulnerability in Veronalabs WP SMS Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2. network low complexity veronalabs	8.8
2024-03-27	CVE-2024-25920	Unspecified vulnerability in Veronalabs WP SMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4. network low complexity veronalabs	5.4
2024-02-08	CVE-2024-24881	Cross-site Scripting vulnerability in Veronalabs WP SMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2. network low complexity veronalabs CWE-79	6.1
2024-01-03	CVE-2023-6980	Cross-site Scripting vulnerability in Veronalabs WP SMS The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. network low complexity veronalabs CWE-79	4.3
2024-01-03	CVE-2023-6981	SQL Injection vulnerability in Veronalabs WP SMS The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity veronalabs CWE-89	4.9
2023-12-28	CVE-2023-27447	Information Exposure vulnerability in Veronalabs WP SMS Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4. network low complexity veronalabs CWE-200	7.5
2023-08-30	CVE-2023-32742	Cross-site Scripting vulnerability in Veronalabs WP SMS Unauth. network low complexity veronalabs CWE-79	6.1