Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Persian Woocommerce SMS allows attackers to inject malicious code into web pages
CVE-2026-22352
Summary
A security issue exists in Persian Woocommerce SMS, a plugin used by online stores. If not addressed, attackers could inject malicious code into web pages, potentially stealing user data or taking control of accounts. Update to version 7.1.2 or later to fix the issue.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue a...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through <= 7.1.1.
nvd CVSS3.1
7.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026