WordPress Plugin Vulnerabilities

TextMe SMS < 1.9.2 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
textme-sms-integration
Fixed in 1.9.2

References

CVE
CVE-2025-31789
URL
https://patchstack.com/database/wordpress/plugin/textme-sms-integration/vulnerability/wordpress-textme-sms-plugin-1-9-1-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Aiden (Thái An)
Verified
No
WPVDB ID
17f88b35-50f9-4724-9f1b-9dc761f05d6a

Timeline

Publicly Published
2025-04-03 (about 11 months ago)
Added
2025-04-08 (about 11 months ago)
Last Updated
2025-05-12 (about 10 months ago)

Other

Published
Title
Published
2025-08-14
Title
The Plus Addons for Elementor Page Builder Lite < 6.3.14 - Missing Authorization
Published
2024-01-08
Title
MailerLite – WooCommerce integration < 2.0.9 - Missing Authorization via Multiple Functions
Published
2026-02-10
Title
Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update
Published
2024-05-15
Title
weMail < 1.14.3 - Missing Authorization to Notice Dismissal
Published
2024-07-11
Title
Packlink PRO shipping module < 3.4.7 - Missing Authorization