CVE-2023-6981

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Jan 3, 2024
Updated: Dec 17, 2024
CWE ID 89

Summary

CVE-2023-6981: The WP SMS plugin for WordPress, WooCommerce, GravityForms, and other platforms is affected by a SQL Injection vulnerability through the 'group_id' parameter. The parameter is insufficiently escaped and the query is not prepared, so attackers with contributor-level access or higher can inject additional SQL queries. This weakens database security and opens the door to Reflected Cross-site Scripting attacks, potentially exposing sensitive information. Versions up to 6.5 are vulnerable to this issue.

Affected Products

  • Veronalabs Wp Sms

Affected Vendors

  • Verona Labs