Missing Authorization vulnerability Affects WP SMS from n/a through 6.9.3
CVE-2024-43331

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Sms
Vendor: CVE Published:; 22 August 2024

What is CVE-2024-43331?

A missing authorization vulnerability exists in the VeronaLabs WP SMS plugin, affecting versions up to 6.9.3. This issue allows unauthorized users to access sensitive functions within the plugin, potentially leading to unauthorized actions that compromise user data security. It is critical for users to update to the latest version and enforce rigorous access controls to mitigate the risks associated with this vulnerability.

Affected Version(s)

WP SMS <= 6.9.3

References

https://patchstack.com/database/vulnerability/wp-sms/word...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2024
Vulnerability Reserved
Aug 9, 2024

Credit

Peng Zhou (Patchstack Alliance)

WordPress

What is CVE-2024-43331?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit