WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, CVE-2021-24561

CVE, Research URL: CVE-2021-24561
Home page URL: Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Application: WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Published on: Aug 23, 2021
Research Description: The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
Affected versions: max 5.4.9.1.
Status: vulnerable

WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc, CVE-2021-24561