Missing Authorization vulnerability Affects WP SMS from n/a through 6.9.3
CVE-2024-43331

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Sms
Vendor: CVE Published:; 22 August 2024

Summary

A missing authorization vulnerability exists in the VeronaLabs WP SMS plugin, affecting versions up to 6.9.3. This issue allows unauthorized users to access sensitive functions within the plugin, potentially leading to unauthorized actions that compromise user data security. It is critical for users to update to the latest version and enforce rigorous access controls to mitigate the risks associated with this vulnerability.

Affected Version(s)

WP SMS <= 6.9.3

References

https://patchstack.com/database/vulnerability/wp-sms/word...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2024
Vulnerability Reserved
Aug 9, 2024

Credit

Peng Zhou (Patchstack Alliance)