Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

veronalabs — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting veronalabs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

VeronaLabs operates as a provider of specialized software solutions, though specific product details remain obscure in public records. An analysis of its security posture reveals a concerning history, with thirty-four Common Vulnerabilities and Exposures (CVEs) currently documented. These vulnerabilities predominantly span critical classes such as Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation flaws. The high frequency of RCE issues suggests systemic weaknesses in input validation and sandboxing mechanisms within their architecture. While no single catastrophic data breach has been widely publicized, the cumulative impact of these thirty-four entries indicates a persistent struggle with fundamental secure coding practices. This pattern of recurring, high-severity flaws implies that the organization may lack robust automated security testing or rigorous code review processes. Consequently, users and administrators face significant risks when deploying VeronaLabs products, necessitating strict network segmentation and continuous monitoring to mitigate potential exploitation vectors.

Found 8 results / 34Clear Filters
Top products by veronalabs: SlimStat Analytics WP SMS WP Statistics – Simple, privacy-friendly Google Analytics alternative WP Statistics WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2026-28136 WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability — WP SMSCWE-89 7.6 High2026-02-26
CVE-2026-25343 WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79 5.9 Medium2026-02-19
CVE-2025-62006 WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability — WP SMSCWE-862 5.4 Medium2025-10-22
CVE-2024-43331 WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability — WP SMSCWE-862 5.3 Medium2024-08-22
CVE-2024-34811 WordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79 5.9 Medium2024-05-13
CVE-2024-30454 WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability — WP SMSCWE-352 4.3 Medium2024-03-29
CVE-2024-25920 WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability — WP SMSCWE-79 6.5 Medium2024-03-27
CVE-2023-32742 WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS) — WP SMSCWE-79 7.1 High2023-08-30

This page lists every published CVE security advisory associated with veronalabs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.