CVE-2025-26988 – SMS Alert Order Notifications – WooCommerce
Published : 2025-03-03
Title: WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 – SQL Injection vulnerability
Description
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8.
CWE
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CVSS
| Score | Severity | Version | Vector String |
| 9.3 | CRITICAL | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L |
Vendor : n/a
Product: SMS Alert Order Notifications – WooCommerce
Vulnerable Versions: n/a through 3.7.8
Proof of Concept:
REDACTEDVulnerability found by: DFEND Security Researcher
References:
– https://patchstack.com/database/wordpress/plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-woocommerce-plugin-3-7-8-sql-injection-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2025-26988