| CVE-2024-4149 | Floating Chat Widget < 3.2.3 - Admin+ Stored XSS | Unknown | Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button | - | - | 2024-06-13 06:00:03 | Deep Dive |
| CVE-2023-51679 | WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability | BulkGate | BulkGate SMS Plugin for WooCommerce | Medium | 5.4 | 2024-06-12 08:47:21 | Deep Dive |
| CVE-2024-34811 | WordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability | VeronaLabs | WP SMS | Medium | 5.9 | 2024-05-13 08:36:02 | Deep Dive |
| CVE-2024-2972 | Floating Chat Widget < 3.1.9 - Editor+ Stored XSS | Unknown | Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button | 中危 | - | 2024-04-24 05:00:03 | Deep Dive |
| CVE-2021-4438 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components | kyivstarteam | react-native-sms-user-consent | Medium | 5.3 | 2024-04-07 09:00:05 | Deep Dive |
| CVE-2024-30454 | WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability | VeronaLabs | WP SMS | Medium | 4.3 | 2024-03-29 16:30:15 | Deep Dive |
| CVE-2024-25920 | WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability | VeronaLabs | WP SMS | Medium | 6.5 | 2024-03-27 05:45:44 | Deep Dive |
| CVE-2024-1489 | SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | Medium | 4.3 | 2024-03-13 15:27:22 | Deep Dive |
| CVE-2024-0898 | Chat Bubble <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting | bluecoral | Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back | Medium | 4.4 | 2024-03-13 15:27:09 | Deep Dive |
| CVE-2024-24881 | WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) | VeronaLabs | WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | High | 7.1 | 2024-02-08 11:19:22 | Deep Dive |
| CVE-2023-6981 | WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting | veronalabs | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | Medium | 6.1 | 2024-01-03 05:31:19 | Deep Dive |
| CVE-2023-6980 | WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion | veronalabs | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | Medium | 4.3 | 2024-01-03 05:31:19 | Deep Dive |
| CVE-2023-51361 | WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) | Ginger Plugins | Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button | Medium | 5.9 | 2023-12-29 11:01:30 | Deep Dive |
| CVE-2023-51371 | WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) | Bit Assist | Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget | Medium | 5.9 | 2023-12-29 10:58:40 | Deep Dive |
| CVE-2022-44589 | WordPress miniOrange's Google Authenticator Plugin <= 5.6.1 is vulnerable to Sensitive Data Exposure | miniOrange | miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login | High | 8.1 | 2023-12-29 09:40:07 | Deep Dive |
| CVE-2023-50843 | WordPress Clockwork SMS Notfications Plugin <= 3.0.4 is vulnerable to SQL Injection | Clockwork | Clockwork SMS Notfications | High | 7.6 | 2023-12-28 18:30:01 | Deep Dive |
| CVE-2023-27447 | WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure | VeronaLabs | WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | Medium | 5.3 | 2023-12-28 10:53:55 | Deep Dive |
| CVE-2023-48769 | WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF) | Blue Coral | Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back | Medium | 4.3 | 2023-12-18 21:57:08 | Deep Dive |
| CVE-2023-48373 | ITPison OMICARD EDM 's SMS - Path Traversal | ITPison | OMICARD EDM 's SMS | High | 7.5 | 2023-12-15 04:27:27 | Deep Dive |
| CVE-2023-48372 | ITPison OMICARD EDM 's SMS - SQL Injection | ITPison | OMICARD EDM 's SMS | Critical | 9.8 | 2023-12-15 04:18:31 | Deep Dive |