Vulnerabilities > Veronalabs > WP SMS > 5.6.6

DATE CVE VULNERABILITY TITLE RISK
2024-08-22 CVE-2024-43331 Unspecified vulnerability in Veronalabs WP SMS
Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3.
network
low complexity
veronalabs
critical
9.8
2024-05-14 CVE-2024-34811 Unspecified vulnerability in Veronalabs WP SMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.5.1.
network
low complexity
veronalabs
4.8
2024-03-29 CVE-2024-30454 Unspecified vulnerability in Veronalabs WP SMS
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2.
network
low complexity
veronalabs
8.8
2024-03-27 CVE-2024-25920 Unspecified vulnerability in Veronalabs WP SMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4.
network
low complexity
veronalabs
5.4
2024-02-08 CVE-2024-24881 Cross-site Scripting vulnerability in Veronalabs WP SMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.
network
low complexity
veronalabs CWE-79
6.1
2024-01-03 CVE-2023-6980 Cross-site Scripting vulnerability in Veronalabs WP SMS
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.
network
low complexity
veronalabs CWE-79
4.3
2024-01-03 CVE-2023-6981 SQL Injection vulnerability in Veronalabs WP SMS
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
veronalabs CWE-89
4.9
2023-12-28 CVE-2023-27447 Information Exposure vulnerability in Veronalabs WP SMS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4.
network
low complexity
veronalabs CWE-200
7.5
2023-08-30 CVE-2023-32742 Cross-site Scripting vulnerability in Veronalabs WP SMS
Unauth.
network
low complexity
veronalabs CWE-79
6.1