CVE-2026-7462

Name of the Vulnerable Software and Affected Versions VatanSMS WP SMS versions prior to 1.02

Description The VatanSMS WP SMS plugin for WordPress contains a Reflected Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute if an administrator is tricked into clicking a malicious link. The issue is triggered via the page parameter.

Recommendations Update to a version later than 1.01. As a temporary workaround, restrict or sanitize the input received by the page parameter to prevent the execution of arbitrary scripts.