Vulnerabilities > Veronalabs > WP SMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-24881 Cross-site Scripting vulnerability in Veronalabs WP SMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.
network
low complexity
veronalabs CWE-79
6.1
6.1
2024-01-03 CVE-2023-6980 Cross-site Scripting vulnerability in Veronalabs WP SMS
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.
network
low complexity
veronalabs CWE-79
4.3
4.3
2024-01-03 CVE-2023-6981 SQL Injection vulnerability in Veronalabs WP SMS
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
veronalabs CWE-89
4.9
4.9
2023-08-30 CVE-2023-32742 Cross-site Scripting vulnerability in Veronalabs WP SMS
Unauth.
network
low complexity
veronalabs CWE-79
6.1
6.1