Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc 5.4.9

  • Severity: medium-risk
  • Status: Open
  • Publication: June 30, 2021

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress has a security vulnerability in versions up to and including 5.4.9. This means that if a malicious person can get a user to perform an action such as clicking a link, they can inject dangerous web scripts into the page. This is because the plugin does not properly filter or protect against unsafe inputs or outputs. It is important to update to the latest version of the plugin to protect against this vulnerability.

Detected in:

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc fixed vulnerable versions:
WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More fixed vulnerable versions:
WP SMS – Ultimate SMS & MMS Notifications, OTP, 2FA, and WooCommerce & Forms Integrations fixed vulnerable versions:
WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce fixed vulnerable versions:
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc open vulnerable versions: >= * <= 5.4.9

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.