cleantalk
Vulnerabilities and Security Researches

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, CVE-2023-6980

CVE, Research URL

CVE-2023-6980

Home page URL

Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Application

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Published on
Jan 03, 2024
Research Description
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 6.5.1.
Status
vulnerable
Previous vulnerability researches
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2024-43331) , Aug 20, 2024
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2025-62006) , Nov 11, 2025
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2023-6981) , Jun 07, 2024
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2021-24561) , Jun 07, 2024
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2023-6980) , Jun 07, 2024
New vulnerability
Premmerce User Roles (CVE-2025-64291) , Nov 11, 2025
Premmerce User Roles (CVE-2025-62883) , Nov 11, 2025
Premmerce User Roles (CVE-2025-60193) , Nov 11, 2025
WP-Force Images Download (CVE-2025-11809) , Nov 11, 2025
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin (CVE-2025-11380) , Nov 11, 2025