What the vulnerability does
01Description
Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.
Explanation of Vulnerability in Simple Terms
WP SMS versions 7.0.1 and earlier lack proper authorization checks, allowing authenticated users with low privileges to modify or disable site functionality. An attacker with a basic user account can alter SMS settings or configurations without proper permission validation. This affects the integrity and availability of the SMS feature on WordPress sites using this plugin.
What an attacker can do
Modify or disable SMS functionality and settings with a low-privilege user account.
Potential impact on your site
Unauthorized users can alter SMS plugin settings, potentially disrupting SMS notifications or breaking site communications.
Conditions required to exploit
Attacker must have a valid WordPress user account with low-level privileges (e.g., subscriber or contributor role).
Key dates
External resources