WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-32742
7.1HIGH
What is CVE-2023-32742?
The VeronaLabs WP SMS plugin is susceptible to a reflected cross-site scripting (XSS) vulnerability affecting versions up to 6.1.4. By exploiting this flaw, attackers could potentially inject malicious scripts into web pages, which would execute in the context of users' browsers. This could lead to various forms of attacks, such as session hijacking or phishing, posing significant risks to users' data and security.
Affected Version(s)
WP SMS <= 6.1.4