CVE-2023-6981
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Published Jan 3, 2024
Updated: Dec 17, 2024
CWE ID 89
Summary
CVE-2023-6981: The WP SMS plugin for WordPress, WooCommerce, GravityForms, and other platforms is affected by a SQL Injection vulnerability. Attackers with contributor-level access or higher can exploit the insufficient escaping of the 'group_id' parameter and the lack of query preparation, enabling them to inject additional SQL queries. This weakens database security and opens the door to Reflected Cross-site Scripting attacks, potentially exposing sensitive information. Versions up to 6.5 are vulnerable to this issue.
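Why escaping alone does not protect a numeric parameter such as 'group_id', and what query preparation changes, shown as an added example that is not the plugin's code. It uses Python's sqlite3 as a stand-in for the WordPress database layer; the table, the function names and the assumption that the value lands in an unquoted numeric position are all hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample data: a hypothetical subscribers table, not the plugin's schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (id INTEGER, mobile TEXT, group_id INTEGER)")
    db.executemany(
        "INSERT INTO subscribers VALUES (?, ?, ?)",
        [(1, "+10000000001", 1), (2, "+10000000002", 1), (3, "+10000000003", 2)],
    )
    return db

def escape_quotes(value):
    """Quote-doubling escape: it protects quoted string literals only."""
    return value.replace("'", "''")

def subscribers_unprepared(db, group_id):
    """Weak pattern: escaped text interpolated into an unquoted numeric position."""
    sql = "SELECT mobile FROM subscribers WHERE group_id = " + escape_quotes(group_id)
    return [row[0] for row in db.execute(sql)]

def subscribers_prepared(db, group_id):
    """Hardened pattern: validate as an integer, then bind it as a parameter."""
    try:
        gid = int(group_id)
    except (TypeError, ValueError):
        raise ValueError("group_id must be an integer")
    sql = "SELECT mobile FROM subscribers WHERE group_id = ?"
    return [row[0] for row in db.execute(sql, (gid,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input: no quote in it, so escaping changes nothing
    print(subscribers_unprepared(db, "1"))      # only the rows in group 1
    print(subscribers_unprepared(db, crafted))  # rows from every group
    print(subscribers_prepared(db, "1"))        # only the rows in group 1
    try:
        subscribers_prepared(db, crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

In WordPress code the corresponding hardened form is `$wpdb->prepare()` with a `%d` placeholder for the integer value.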
Affected Products
- Veronalabs Wp Sms
Affected Vendors
- Verona Labs