CVE Catalog

CVE-2026-40790

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile — higher than 24% of all known CVEs

Summary

There is a vulnerability in WP SMS versions up to 7.2.1 that exposes sensitive subscriber data.

Risk Assessment

Organizations may be at risk of leaking personal data of subscribers, which can lead to privacy breaches and loss of customer trust.

Recommendation

It is recommended to update the WP SMS plugin to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS