cleantalk
Vulnerabilities and Security Researches

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, fc2d7281-abec-475b-8e8d-8dbc47de78da

CVE, Research URL

fc2d7281-abec-475b-8e8d-8dbc47de78da

Home page URL

Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Application

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Published on
-
Research Description
WSMS (formerly WP SMS) – SMS &amp; MMS Notifications with OTP and 2FA for WooCommerce [wp-sms] < 6.2.0 WP SMS &lt; 6.2.0 - User Unsubscribe via CSRF The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Affected versions
max 6.2.0.
Status
vulnerable
Previous vulnerability researches
Attendance Manager (CVE-2025-39515) , Apr 18, 2025
Attendance Manager (CVE-2026-3781) , Apr 13, 2026
Attendance Manager (CVE-2019-5970) , Jun 06, 2024
Attendance Manager (CVE-2019-5971) , Jun 06, 2024
Attendance Manager (d61a53a5132d4f127db04c355b728189ae540eb5) , Jun 16, 2026
New vulnerability
Co-Authors Plus (3b59fa89-76f2-42de-b8dc-b20029b03ca2) , Jun 16, 2026
Co-Authors Plus (034cb5664dd2496536a4b1eb1b6eccfe0dfdee1d) , Jun 16, 2026
WP Editor (9bd82df3361111ce1d4cf7e25e54197d57e5fcf7) , Jun 16, 2026
WP Editor (57bcaf52c81e37e52179a1bc19ff300383498acc) , Jun 16, 2026
WP Editor (9f554258dccf197d2aef6c675e863309c8c23908) , Jun 16, 2026