WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, CVE-2026-28136

CVE, Research URL: CVE-2026-28136
Home page URL: Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Application: WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Published on: Feb 26, 2026
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through <= 6.9.12.
Affected versions: max 6.9.12.
Status: vulnerable

WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc, CVE-2026-28136