CVE-2025-26988
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
The SMS Alert Order Notifications plugin for WordPress (versions up to and including 3.7.8) contains an SQL injection vulnerability. The flaw results from improper neutralization of special elements in SQL commands, allowing an attacker to perform unauthorized database operations.
Risk Assessment
An attacker can exploit this vulnerability to read, modify, or delete database data, potentially leading to data confidentiality and integrity breaches and system takeover.
Recommendation
Immediately update the SMS Alert Order Notifications plugin to the latest available version that fixes this vulnerability. If no update is available, temporarily disable the plugin.
Original NVD description (English source)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.7.8.

