Web Push Notifications Security Vulnerabilities

CVE-2023-5620

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS...

CVE-2023-35041

Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin <= 4.34.0...

CVE-2021-38352

The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

CVE-2019-15827

The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain...