cleantalk
Vulnerabilities and Security Researches

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, fc2d7281-abec-475b-8e8d-8dbc47de78da

CVE, Research URL

fc2d7281-abec-475b-8e8d-8dbc47de78da

Home page URL

Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Application

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Published on
-
Research Description
WSMS (formerly WP SMS) – SMS &amp; MMS Notifications with OTP and 2FA for WooCommerce [wp-sms] < 6.2.0 WP SMS &lt; 6.2.0 - User Unsubscribe via CSRF The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Affected versions
max 6.2.0.
Status
vulnerable
Previous vulnerability researches
Plugin Name: oQey Headers (c7ce760ee7c36905095c8fa8843b97a99356157d) , Jun 07, 2024
Plugin Name: oQey Headers (ab0a8668-3002-4d29-86a0-9800d5aa9ddc) , Jun 16, 2026
New vulnerability
Car Demon (a40013e7-1e0f-4615-8b3e-29ed2dd23b19) , Jun 16, 2026
Car Demon (3a62378f-414d-4216-ba93-268d823a2353) , Jun 16, 2026
FormsCRM (1a3da38540e9197d18657f806cbdafe2d676927c) , Jun 16, 2026
FileBird &#8211; WordPress Media Library Folders &amp; File Manager (2cbf010c7cabd253fe2d0884c5bd54a73f1e5d41) , Jun 16, 2026
Premmerce (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026