cleantalk
Vulnerabilities and Security Researches

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc, CVE-2026-40790

CVE, Research URL

CVE-2026-40790

Home page URL

Security reports for WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Application

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Published on
-
Research Description
WSMS (formerly WP SMS) – SMS &amp; MMS Notifications with OTP and 2FA for WooCommerce [wp-sms] < 7.2.2 CVE-2026-40790
Affected versions
max 7.2.2.
Status
vulnerable
Previous vulnerability researches
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2024-43331) , Aug 20, 2024
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2025-62006) , Nov 11, 2025
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2026-28136) , Feb 28, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2026-25343) , Feb 28, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2026-40790) , May 02, 2026
New vulnerability
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-40771) , May 02, 2026
WP Post Author &#8211; Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including Use (CVE-2024-13362) , May 02, 2026
EventPrime – Events Calendar, Bookings and Tickets (CVE-2026-39518) , May 02, 2026
WP Data Access (CVE-2024-13362) , May 02, 2026
AutomatorWP &#8211; The #1 automator plugin for no-code automation in WordPress (CVE-2025-9542) , May 02, 2026