Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc 6.3.4

  • Severity: medium-risk
  • Status: Open
  • Publication: February 14, 2024

The WP SMS plugin for WordPress, which is used for messaging and SMS notifications, has a security issue that allows hackers to insert harmful code into web pages. This can happen when the plugin’s shortcodes are used, and it affects all versions up to 6.3.4. This can only be done by authenticated attackers with contributor or higher permissions.

Detected in:

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc fixed vulnerable versions:
WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More fixed vulnerable versions:
WP SMS – Ultimate SMS & MMS Notifications, OTP, 2FA, and WooCommerce & Forms Integrations fixed vulnerable versions:
WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce fixed vulnerable versions:
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc open vulnerable versions: >= * <= 6.3.4

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.