Skip to main content

Sms Alert Order Notifications

12 CVEs product

Monthly

CVE-2026-54803 CRITICAL Act Now

Privilege escalation in the WordPress plugin SMS Alert Order Notifications (by Cozy Vision Technologies) versions 3.9.4 and earlier allows low-privileged users - specifically Subscriber-level accounts - to elevate their permissions on the WordPress site. Patchstack catalogued this as an authorization/authentication-bypass class issue (CWE-863). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Privilege Escalation Authentication Bypass Sms Alert Order Notifications
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-54802 HIGH This Week

Authentication bypass in the WordPress plugin SMS Alert Order Notifications (versions <= 3.9.3) allows remote unauthenticated attackers to access functionality or data that should be restricted to authenticated users. The flaw, reported by Patchstack and tracked under CWE-862 (Missing Authorization), carries a CVSS 7.5 with high confidentiality impact only. There is no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Authentication Bypass Sms Alert Order Notifications
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-32373 MEDIUM This Month

Cozy Vision SMS Alert Order Notifications through version 3.9.0 contains an authorization bypass that allows authenticated users to modify data and degrade service availability through improperly configured access controls. An attacker with valid credentials can exploit this vulnerability to perform unauthorized actions intended for higher-privileged users. No patch is currently available for this vulnerability.

Authentication Bypass Sms Alert Order Notifications
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-3878 MEDIUM PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sms Alert Order Notifications PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3876 HIGH PATCH This Week

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Privilege Escalation Sms Alert Order Notifications PHP
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-13553 CRITICAL PATCH Act Now

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Privilege Escalation Sms Alert Order Notifications
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-26988 HIGH This Week

SQL injection in the Cozy Vision 'SMS Alert Order Notifications - WooCommerce' WordPress plugin (all versions up to and including 3.7.8) lets remote attackers inject crafted SQL into backend database queries, enabling extraction of arbitrary data such as customer records, order details, and WordPress credential hashes. The CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with high confidentiality impact and no integrity or availability impact, consistent with a read-oriented (e.g. UNION/blind) injection. No public exploit was identified at time of analysis and EPSS is low (0.11%, 30th percentile), but the flaw was reported by Patchstack, a credible WordPress vulnerability research source.

WordPress SQLi Sms Alert Order Notifications
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-26984 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in the SMS Alert Order Notifications WordPress plugin through version 3.7.8 enables remote attackers to execute arbitrary JavaScript in victim browsers by tricking users into clicking malicious links. The vulnerability carries a CVSS score of 7.1 due to changed scope (cross-domain consequences), though exploitation requires user interaction. EPSS probability is low (0.08%, 25th percentile), indicating limited observed exploitation activity. No CISA KEV listing confirms active widespread exploitation, though Patchstack's vulnerability database disclosure suggests the flaw may be targeted in WordPress-specific attack campaigns.

WordPress XSS Sms Alert Order Notifications
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-11725 HIGH PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Privilege Escalation Sms Alert Order Notifications
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-10233 MEDIUM PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sms Alert Order Notifications
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1489 MEDIUM PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Sms Alert Order Notifications
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-24588 MEDIUM POC This Month

The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sms Alert Order Notifications
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in the WordPress plugin SMS Alert Order Notifications (by Cozy Vision Technologies) versions 3.9.4 and earlier allows low-privileged users - specifically Subscriber-level accounts - to elevate their permissions on the WordPress site. Patchstack catalogued this as an authorization/authentication-bypass class issue (CWE-863). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Privilege Escalation Authentication Bypass Sms Alert Order Notifications
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Authentication bypass in the WordPress plugin SMS Alert Order Notifications (versions <= 3.9.3) allows remote unauthenticated attackers to access functionality or data that should be restricted to authenticated users. The flaw, reported by Patchstack and tracked under CWE-862 (Missing Authorization), carries a CVSS 7.5 with high confidentiality impact only. There is no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Authentication Bypass Sms Alert Order Notifications
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cozy Vision SMS Alert Order Notifications through version 3.9.0 contains an authorization bypass that allows authenticated users to modify data and degrade service availability through improperly configured access controls. An attacker with valid credentials can exploit this vulnerability to perform unauthorized actions intended for higher-privileged users. No patch is currently available for this vulnerability.

Authentication Bypass Sms Alert Order Notifications
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sms Alert Order Notifications +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Privilege Escalation +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Privilege Escalation Sms Alert Order Notifications
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection in the Cozy Vision 'SMS Alert Order Notifications - WooCommerce' WordPress plugin (all versions up to and including 3.7.8) lets remote attackers inject crafted SQL into backend database queries, enabling extraction of arbitrary data such as customer records, order details, and WordPress credential hashes. The CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with high confidentiality impact and no integrity or availability impact, consistent with a read-oriented (e.g. UNION/blind) injection. No public exploit was identified at time of analysis and EPSS is low (0.11%, 30th percentile), but the flaw was reported by Patchstack, a credible WordPress vulnerability research source.

WordPress SQLi Sms Alert Order Notifications
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in the SMS Alert Order Notifications WordPress plugin through version 3.7.8 enables remote attackers to execute arbitrary JavaScript in victim browsers by tricking users into clicking malicious links. The vulnerability carries a CVSS score of 7.1 due to changed scope (cross-domain consequences), though exploitation requires user interaction. EPSS probability is low (0.08%, 25th percentile), indicating limited observed exploitation activity. No CISA KEV listing confirms active widespread exploitation, though Patchstack's vulnerability database disclosure suggests the flaw may be targeted in WordPress-specific attack campaigns.

WordPress XSS Sms Alert Order Notifications
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sms Alert Order Notifications
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Sms Alert Order Notifications
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sms Alert Order Notifications
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy