PatchSiren cyber security CVE debrief
CVE-2026-40790 VeronaLabs CVE debrief
A Subscriber Sensitive Data Exposure vulnerability was discovered in the WP SMS plugin up to version 7.2.1. This vulnerability has been assigned a CVSS score of 6.5, indicating a Medium severity level. The vulnerability allows an attacker to expose sensitive data, potentially leading to unauthorized access or disclosure of subscriber information.
- Vendor
- VeronaLabs
- Product
- WP SMS
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the WP SMS plugin, particularly those with subscriber data, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The WP SMS plugin, up to version 7.2.1, is vulnerable to Subscriber Sensitive Data Exposure. This vulnerability is characterized by the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The weakness associated with this vulnerability is CWE-288.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the WP SMS plugin to a version that fixes this vulnerability.
- Review and monitor subscriber data for any potential exposure.
Evidence notes
Evidence for this CVE was provided by Patchstack, as indicated in the resource links.
Official resources
-
CVE-2026-40790 CVE record
CVE.org
-
CVE-2026-40790 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-40790 was published on 2026-06-15T21:16:51.297Z and modified on 2026-06-15T21:24:32.790Z.