Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Faraz SMS Plugin Allows Malicious Code to Run on Your Website
CVE-2025-68031
Summary
A security issue in Faraz SMS Plugin allows attackers to inject malicious code into your website, potentially allowing them to steal user data or take control of your site. This affects the Faraz SMS Plugin if you're using version 2.7.3 or earlier. You should update the plugin to a fixed version to prevent this risk.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects ا...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3.
nvd CVSS3.1
7.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026