cleantalk
Vulnerabilities and Security Researches

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, 9f80d9ea-e4ce-4957-9b22-3464446ab003

CVE, Research URL

9f80d9ea-e4ce-4957-9b22-3464446ab003

Home page URL

Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Application

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Published on
-
Research Description
WSMS (formerly WP SMS) – SMS &amp; MMS Notifications with OTP and 2FA for WooCommerce [wp-sms] < 5.4.9.1 WP SMS &lt; 5.4.9.1 - Reflected Cross-Site Scripting (XSS) The plugin does not sanitise or escape some of its parameter before outputting them back in the pages, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin.
Affected versions
max 5.4.9.1.
Status
vulnerable
Previous vulnerability researches
Connections Business Directory (CVE-2011-5254) , Jun 06, 2024
Connections Business Directory (CVE-2023-29437) , Jun 06, 2024
Connections Business Directory (CVE-2020-36503) , Jun 06, 2024
Connections Business Directory (CVE-2016-0770) , Jun 06, 2024
Connections Business Directory (CVE-2021-24794) , Jun 06, 2024
New vulnerability
Simple History – user activity log, audit tool (a828b77d1ff47578685763b8634646f7c3844e10) , Jun 16, 2026
Simple History – user activity log, audit tool (2d018bf11d8cc00370eab69492a7b038453d644b) , Jun 16, 2026
Simple History – user activity log, audit tool (b4a5e605-79ae-476d-a0dc-3734b2bc83a3) , Jun 16, 2026
Simple History – user activity log, audit tool (736e6adad7e211ec7b84a941eb01ac324a79772d) , Jun 16, 2026
TelSender &#8211; Wp to telegram СF 7, Events, Wpforms, Ninja forms, Wooccommerce (064e9b811efe47de47856256d48e5f52f3b89f04) , Jun 16, 2026