Browse all 5 CVE security advisories affecting netgsm. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Netgsm provides SMS and notification services for businesses, enabling mass communication through various channels. Historically, the platform has been vulnerable to cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from improper input validation and insecure API endpoints. Privilege escalation vulnerabilities have also been documented, allowing unauthorized access to administrative functions. The company maintains five CVE records, with vulnerabilities primarily affecting web interfaces and API integrations. While no major public security incidents have been widely reported, the consistent presence of similar vulnerability classes suggests potential ongoing risks in their web application security posture.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68010 | WordPress Netgsm plugin <= 2.9.63 - Cross Site Scripting (XSS) vulnerability — NetgsmCWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-60143 | WordPress Netgsm plugin <= 2.9.69 - Broken Access Control vulnerability — NetgsmCWE-862 | 4.3 | Medium | 2025-09-26 |
| CVE-2024-4746 | WordPress Netgsm plugin <= 2.9.32 - Broken Access Control + CSRF vulnerability — NetgsmCWE-862 | 4.3 | Medium | 2024-06-10 |
| CVE-2024-35672 | WordPress Netgsm plugin <= 2.9.19 - Broken Access Control vulnerability — NetgsmCWE-862 | 7.5 | High | 2024-06-04 |
| CVE-2024-32544 | WordPress Netgsm plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability — NetgsmCWE-79 | 7.1 | High | 2024-04-17 |
This page lists every published CVE security advisory associated with netgsm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.