cleantalk
Vulnerabilities and Security Researches

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, c9038d9e6e459de1ff8abd00bd5a0f71e49ef5d8

CVE, Research URL

c9038d9e6e459de1ff8abd00bd5a0f71e49ef5d8

Home page URL

Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Application

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Published on
Jun 30, 2021
Research Description
WSMS (formerly WP SMS) – SMS &amp; MMS Notifications with OTP and 2FA for WooCommerce [wp-sms] < 5.4.9.1 WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc <= 5.4.9 - Reflected Cross-Site Scripting The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 5.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 5.4.9.1.
Status
vulnerable
Previous vulnerability researches
Connections Business Directory (CVE-2011-5254) , Jun 06, 2024
Connections Business Directory (CVE-2023-29437) , Jun 06, 2024
Connections Business Directory (CVE-2020-36503) , Jun 06, 2024
Connections Business Directory (CVE-2016-0770) , Jun 06, 2024
Connections Business Directory (CVE-2021-24794) , Jun 06, 2024
New vulnerability
MathJax-LaTeX (dc58a5e8913fe3e0530789dbb21e0998a8536ee4) , Jun 16, 2026
MathJax-LaTeX (9486ca34-d436-490f-8779-e79d7dcdc9bc) , Jun 16, 2026
Fancy Comments WordPress (86cad9b9-eaa5-4775-8ebf-e9e967cfb439) , Jun 16, 2026
Breeze &#8211; WordPress Cache Plugin (9f8d98d070747dc4430a4d5893eedb992d889bf6) , Jun 16, 2026
GravityCaptcha (a6717eb4a1974422dee29f4987d49272d478c74a) , Jun 16, 2026