CVE-2025-14948 | miniOrange OTP Verification and SMS Notification for WooCommerce Plugin Setting enable_wc_sms_notification authorization

Inserito da Angelo Barbosa | Gen 9, 2026 | CVE

A vulnerability, which was classified as problematic, was found in miniOrange OTP Verification and SMS Notification for WooCommerce Plugin up to 4.3.8 on WordPress. This affects the function enable_wc_sms_notification of the component Setting Handler. Such manipulation leads to missing authorization.

This vulnerability is referenced as CVE-2025-14948. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-14948 | miniOrange OTP Verification and SMS Notification for WooCommerce Plugin Setting enable_wc_sms_notification authorization

Post correlati

CVE-2024-47857 | SSH Communication Security PrivX up to 36.0 Public Key Privilege Escalation

CVE-2024-2022 | Netentsec NS-ASG Application Security Gateway 6.3 list_ipAddressPolicy.php GroupId sql injection

CVE-2024-23186 | Open-Xchange OX App Suite up to 8.21 Web Interface cross site scripting

CVE-2024-23843 | Genians NAC/NAC LTS sql injection