The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS...
5.4CVSS
5.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications โ Webpushr plugin <= 4.34.0...
8.8CVSS
8.7AI Score
0.001EPSS
The Feedify โ Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...
6.1CVSS
6AI Score
0.001EPSS
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain...
5.4CVSS
5.3AI Score
0.001EPSS