Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc 6.5

  • Severity: medium-risk
  • Status: Open
  • Publication: January 2, 2024

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress has a security vulnerability in all versions up to, and including, 6.5. This means that unauthenticated attackers can delete subscribers without being authorized to do so. The vulnerability is caused by missing or incorrect validation on the ‘delete’ action of the wp-sms-subscribers page, which allows attackers to send a forged request and trick a site administrator into performing an action like clicking on a link.

Detected in:

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc fixed vulnerable versions:
WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More fixed vulnerable versions:
WP SMS – Ultimate SMS & MMS Notifications, OTP, 2FA, and WooCommerce & Forms Integrations fixed vulnerable versions:
WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce fixed vulnerable versions:
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc open vulnerable versions: >= * <= 6.5

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.