vatanyazilim CVE debriefs

CVE-2026-7462

The VatanSMS WP SMS plugin for WordPress contains a reflected cross-site scripting (XSS) vulnerability in versions up to and including 1.01. The flaw resides in the `page` parameter, where insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. Successful exploitation requires social engineering an administrator into clicking a malicious link, a [truncated]