CVE-2023-6980

Summary

CVE-2023-6980 is a newly identified vulnerability affecting the WP SMS plugin for WordPress, WooCommerce, GravityForms, and other platforms. The issue lies in the lack of proper nonce validation on the 'delete' action of the wp-sms-subscribers page. Consequently, unauthenticated attackers can execute a Cross-Site Request Forgery (CSRF) attack, enabling them to delete subscribers by tricking administrators into executing a malicious link. This vulnerability poses a potential threat to websites using the WP SMS plugin, necessitating immediate updates to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.