Show filters
30 Total Results
Displaying 1-10 of 30
Sort by:
Attacker Value
Unknown
CVE-2023-33994
Disclosure Date: December 13, 2024 (last updated December 18, 2024)
Missing Authorization vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through 5.0.5.1.
0
Attacker Value
Unknown
CVE-2024-43331
Disclosure Date: August 22, 2024 (last updated August 23, 2024)
Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3.
0
Attacker Value
Unknown
CVE-2024-34811
Disclosure Date: May 14, 2024 (last updated May 15, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.5.1.
0
Attacker Value
Unknown
CVE-2024-30454
Disclosure Date: March 29, 2024 (last updated January 05, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2.
0
Attacker Value
Unknown
CVE-2024-25920
Disclosure Date: March 27, 2024 (last updated April 02, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4.
0
Attacker Value
Unknown
CVE-2024-24881
Disclosure Date: February 08, 2024 (last updated December 18, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.
0
Attacker Value
Unknown
CVE-2023-6981
Disclosure Date: January 03, 2024 (last updated December 18, 2024)
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can leveraged to achieve Reflected Cross-site Scripting.
0
Attacker Value
Unknown
CVE-2023-6980
Disclosure Date: January 03, 2024 (last updated December 18, 2024)
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
0
Attacker Value
Unknown
CVE-2023-27447
Disclosure Date: December 28, 2023 (last updated December 18, 2024)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4.
0
Attacker Value
Unknown
CVE-2023-32742
Disclosure Date: August 30, 2023 (last updated December 18, 2024)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS plugin <= 6.1.4 versions.
0
