CVE-2021-24561

Name of the Vulnerable Software and Affected Versions WP SMS WordPress plugin versions prior to 5.4.13

Description The issue is related to an Authenticated Stored Cross-Site Scripting problem. It occurs because the wp group name parameter is not properly sanitized before being outputted back in the "Groups" page. This allows for malicious scripts to be stored and executed.

Recommendations For versions prior to 5.4.13, update to version 5.4.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Groups" page to minimize the risk of exploitation. Avoid using the wp group name parameter in the affected page until the issue is resolved.