cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-24881,https://securityvulnerability.io/vulnerability/CVE-2024-24881,Cross-site Scripting (XSS) Vulnerability in WP SMS,"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.",Wordpress,"WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc",6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,false,false,2024-02-08T11:19:21.541Z,0
CVE-2023-6980,https://securityvulnerability.io/vulnerability/CVE-2023-6980,Cross-Site Request Forgery in WP SMS Plugin for WordPress,"The WP SMS – Messaging & SMS Notification plugin for WordPress is prone to a Cross-Site Request Forgery vulnerability in the wp-sms-subscribers page, affecting all versions up to and including 6.5. This vulnerability arises from inadequate nonce validation on the 'delete' action. Attackers can exploit this flaw to manipulate site functionalities by deceiving a site administrator into executing an unintended command via a malicious link, potentially leading to unauthorized deletion of subscriber data.",Wordpress,"WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc",4.3,MEDIUM,0.0014299999456852674,false,,false,false,false,,false,false,2024-01-03T06:15:00.000Z,0
CVE-2023-6981,https://securityvulnerability.io/vulnerability/CVE-2023-6981,SQL Injection Vulnerability in WP SMS Plugin for WordPress,"The WP SMS plugin for WordPress, which facilitates messaging and SMS notifications for various platforms such as WooCommerce and GravityForms, is exposed to a SQL Injection vulnerability. This issue arises from inadequate escaping of user-supplied input in the 'group_id' parameter. Authenticated attackers with contributor access can manipulate SQL queries, potentially leading to the extraction of confidential information from the database. Additionally, this vulnerability can be exploited to execute Reflected Cross-site Scripting attacks, heightening security risks for affected WordPress sites.",Wordpress,"WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc",4.9,MEDIUM,0.0020600000862032175,false,,false,false,false,,false,false,2024-01-03T06:15:00.000Z,0
CVE-2023-27447,https://securityvulnerability.io/vulnerability/CVE-2023-27447,WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure,"The WP SMS – Messaging & SMS Notification plugin by VeronaLabs is prone to a vulnerability that may expose sensitive information to unauthorized users. This issue affects specific versions of the plugin, creating potential risks for websites utilizing it for messaging services within WordPress, WooCommerce, and GravityForms. Website administrators should take immediate action to secure their systems and ensure the confidentiality of user data by updating to the latest versions.",Wordpress,"WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc",7.5,HIGH,0.0011899999808520079,false,,false,false,false,,false,false,2023-12-28T11:15:00.000Z,0
CVE-2023-2701,https://securityvulnerability.io/vulnerability/CVE-2023-2701,Gravity Forms < 2.7.5 - Reflected XSS,"The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.",Wordpress,Gravityforms,6.1,MEDIUM,0.0007300000288523734,false,,false,false,false,,false,false,2023-07-17T14:15:00.000Z,0
CVE-2023-2326,https://securityvulnerability.io/vulnerability/CVE-2023-2326,Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF,"The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack",Wordpress,"Gravity Forms Google Sheet Connector,Gsheetconnector-gravityforms-pro",6.5,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2023-06-27T14:15:00.000Z,0
CVE-2020-13764,https://securityvulnerability.io/vulnerability/CVE-2020-13764,,common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.,Wordpress,Gravityforms,7.5,HIGH,0.0014900000533089042,false,,false,false,false,,false,false,2020-06-02T20:33:11.000Z,0