Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.
[
{
"product": "Push Notifications for WordPress (Lite)",
"vendor": "Delite Studio",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.0.1"
}
]
}
]