WordPress Plugin Vulnerabilities

WP SMS < 5.4.9.1 - Reflected Cross-Site Scripting (XSS)

Description

The plugin does not sanitise or escape some of its parameter before outputting them back in the pages, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin.

Proof of Concept

Affects Plugins

Plugin icon
wp-sms
Fixed in 5.4.9.1

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
9f80d9ea-e4ce-4957-9b22-3464446ab003

Timeline

Publicly Published
2021-06-30 (about 4 years ago)
Added
2021-06-30 (about 4 years ago)
Last Updated
2021-06-30 (about 4 years ago)

Other

Published
Title
Published
2024-10-10
Title
Tainacan < 0.21.11 - Reflected Cross-Site Scripting
Published
2014-07-16
Title
Profile Builder < 1.1.66 - Multiple XSS
Published
2018-08-27
Title
Ninja Forms <= 3.3.13 - Cross-Site Scripting (XSS) in Import Function
Published
2024-03-29
Title
Header Image Slider <= 0.3 - Reflected Cross-Site Scripting
Published
2022-10-21
Title
Quiz And Survey Master < 7.3.5 - Contributor+ Stored Cross-Site Scripting