Vulnerabilities and security researches forjoy-of-text joy-of-text

Jun 06, 2024

CVE, Research URL: CVE-2022-4099
Home page URL: Security reports for Joy Of Text Lite – SMS messaging for WordPress.
Application: Joy Of Text Lite – SMS messaging for WordPress.
Date: Jan 03, 2023
Research Description: The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection
Affected versions: Min -, max -.
Status: vulnerable

Sep 28, 2024

CVE, Research URL: CVE-2024-47337
Home page URL: Security reports for Joy Of Text Lite – SMS messaging for WordPress.
Application: Joy Of Text Lite – SMS messaging for WordPress.
Date: Sep 26, 2024
Research Description: Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite.This issue affects Joy Of Text Lite: from n/a through 2.3.1.
Affected versions: Min -, max -.
Status: vulnerable

May 19, 2025

CVE, Research URL: CVE-2024-7984
Home page URL: Security reports for Joy Of Text Lite – SMS messaging for WordPress.
Application: Joy Of Text Lite – SMS messaging for WordPress.
Date: May 16, 2025
Research Description: The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected versions: Min -, max -.
Status: vulnerable