CVE-2023-6980

Summary

CVE-2023-6980 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP SMS plugin for WordPress, WooCommerce, GravityForms, and other applications. Versions up to 6.5 of the plugin are impacted due to insufficient nonce validation on the 'delete' action of the wp-sms-subscribers page. Unauthenticated attackers can exploit this flaw by tricking administrators into clicking malicious links, allowing them to delete subscribers from the affected site. This vulnerability poses a serious risk to sites relying on the plugin and necessitates immediate patching to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.