PT-2026-42072 · WordPress · Vatansms Wp Sms

·

CVE-2026-7462

·

Published

2026-05-20

·

Updated

2026-05-28

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions VatanSMS WP SMS versions prior to 1.02
Description The VatanSMS WP SMS plugin for WordPress contains a Reflected Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute if an administrator is tricked into clicking a malicious link. The issue is triggered via the page parameter.
Recommendations Update to a version later than 1.01. As a temporary workaround, restrict or sanitize the input received by the page parameter to prevent the execution of arbitrary scripts.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-7462

Affected Products

Vatansms Wp Sms