cleantalk
Vulnerabilities and Security Researches

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, 9f80d9ea-e4ce-4957-9b22-3464446ab003

CVE, Research URL

9f80d9ea-e4ce-4957-9b22-3464446ab003

Home page URL

Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Application

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Published on
-
Research Description
WSMS (formerly WP SMS) – SMS &amp; MMS Notifications with OTP and 2FA for WooCommerce [wp-sms] < 5.4.9.1 WP SMS &lt; 5.4.9.1 - Reflected Cross-Site Scripting (XSS) The plugin does not sanitise or escape some of its parameter before outputting them back in the pages, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin.
Affected versions
max 5.4.9.1.
Status
vulnerable
Previous vulnerability researches
WordPress Connect (feaf7c04-4991-4c34-bfbf-d849a9e38599) , Jun 16, 2026
WordPress Connect (5b2d1beeae1454c4c4f60eac4f084fd504540b28) , Jun 16, 2026
WordPress Connect (b326cdbf2040aa8eeb688f951965600d9b290062) , Jun 06, 2024
New vulnerability
Store Locator for WordPress with Google Maps – LotsOfLocales (f426f4bed17a59fb2e9150a529c7b250c2730586) , Jun 16, 2026
Store Locator for WordPress with Google Maps – LotsOfLocales (4fa71b8c7d29c3050b951adfff5bf47b58228f4e) , Jun 16, 2026
Store Locator for WordPress with Google Maps – LotsOfLocales (2bee561a-8cf7-430b-9c72-2049d9776e34) , Jun 16, 2026
Store Locator for WordPress with Google Maps – LotsOfLocales (461cdcce-10c8-49e6-8a85-e7aead267554) , Jun 16, 2026
Store Locator for WordPress with Google Maps – LotsOfLocales (7ad9388b9ad67fc00ee00c6ecb4dba944397ad56) , Jun 16, 2026