{"id":"CVE-2023-6980","details":"The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","modified":"2026-03-14T12:23:46.575589Z","published":"2024-01-03T06:15:47.500Z","references":[{"type":"FIX","url":"https://github.com/wp-sms/wp-sms/commit/0f36e2f521ade8ddfb3e04786defe074370afb50"},{"type":"FIX","url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail="},{"type":"FIX","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/94ad6b51-ff8d-48d5-9a70-1781d13990a5?source=cve"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wp-sms/wp-sms","events":[{"introduced":"0"},{"fixed":"7ad23a0596e8a1554ecfda9bfb9bae60c5598560"},{"fixed":"0f36e2f521ade8ddfb3e04786defe074370afb50"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.5.1"}]}}],"versions":["4.0.0","4.0.1","4.0.10","4.0.11","4.0.12","4.0.14","4.0.16","4.0.18","4.0.19","4.0.2","4.0.20","4.0.21","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.1.0","4.1.1","5.0","5.1","5.1.1","5.1.2","5.1.3","5.1.4","5.1.5","5.1.6","5.1.7","5.1.8","5.1.9","5.2.1","5.2.2","5.3","5.3.1","5.4","5.4.1","5.4.2","5.4.4","5.4.5","5.4.6","v5.7.3","v5.7.3.1","v5.7.4","v5.7.5","v5.7.5.1","v5.7.6","v5.7.7","v5.7.8","v5.7.9","v5.8.0","v5.8.1","v5.8.2","v5.8.3","v5.8.4","v5.8.5","v5.9","v5.9.1","v6.0","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.0.4.1","v6.1","v6.1.1","v6.1.2","v6.1.3","v6.1.4","v6.1.5","v6.2.0","v6.2.0.1","v6.2.0.2","v6.2.1","v6.2.2","v6.2.3","v6.2.4","v6.2.4.1","v6.3","v6.3.1","v6.3.2","v6.3.3","v6.3.4","v6.4","v6.4.1","v6.4.2","v6.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6980.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}