CVE-2024-12220
Published
CVSS v3: 6.1 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
<p><strong>Free Designated number or your own number</strong></p>
<p>Use your own <strong>Twilio number</strong> or just set up without a number and one will be designated for your store (only PRO users get a free number).</p>
<p><strong>SMS Order updates to admins, customers and more</strong></p>
<p>With SMS for WooCommerce, you can send SMS notifications to your customers when an order is placed, cancelled, refunded, etc.</p>
<p>But that’s just the beginning. There are 4 kinds of SMS groups you can send:</p>
<pre><code>- Admin SMS - Order updates sent to admin(s)
- Bulk SMS - personalized SMS/Email to multiple users at once
- Customer SMS - Order updates sent to customers
- Marketing SMS - Upsells, cross-sells, order again SMS, single order to subscriptions, etc
</code></pre>
<p>Wait! There is more.</p>
<p><strong>SMS Order updates for the right orders to the right people</strong></p>
<p>You can specify what kinds of orders you want to send SMS notifications for.</p>
<pre><code>- Send SMS for specific Payment Methods
- Send SMS for specific Order Status
</code></pre>
<p><strong>SMS templates, Shortcodes and Personalization</strong></p>
<p>Use shortcode templates like <strong>[first_name]</strong> to send personalized SMS messages to your customers.</p>
<p><strong>Bulk SMS/Emails to user roles, order statuses</strong></p>
<p>Our robust Bulk SMS/Emails feature allows you to send bulk SMS to all your users and customers.</p>
<p>But wait! You can send to everyone, or narrow it down to specific users and groups.</p>
<pre><code>- Need to send personalized SMS/Email to all administrators or authors, etc on your site? We got you.
- Need to send personalized SMS/Email to all customers whose orders are still pending payment? We got you.
- How about selecting some users out of the groups above? We got you.
</code></pre>
<p><strong>HPOS compatibility &amp; WooCommerce Blocks support</strong></p>
<p><strong>Demo</strong></p>
<p>An example of the plugin in use <a href="https://gurastores.com/test" rel="nofollow ugc">here</a></p>
<h3>Usage</h3>
<p>After activating the plugin, add your Twilio settings, such as your Admin Phone Number, Twilio Account SID, Twilio Auth Token, and Twilio Phone Number, to start sending SMS notifications.<br />
You can also use a designated number for your store if you do not have a Twilio account.</p>
<p><strong>Unlock more great features for you and your customers and priority support with a PRO license. <a href="https://theafricanboss.com/wc-sms" rel="nofollow ugc">Upgrade</a></strong></p>