Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More 6.9.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: August 16, 2024

The WordPress plugin called “WP SMS – Ultimate SMS & MMS Notifications” has a security issue that allows unauthorized people to access it. This is because the plugin does not have a check in place to make sure the person trying to access it has the right permissions. This means that anyone, even without an account, can do something they shouldn’t be able to do.

Detected in:

WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More fixed vulnerable versions:
WP SMS – Ultimate SMS & MMS Notifications, OTP, 2FA, and WooCommerce & Forms Integrations fixed vulnerable versions:
WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.