MAL-2025-39696 Malicious code in xenos-cosmicsilence-ichnology-firebase (npm)

The package xenos-cosmicsilence-ichnology-firebase was found to contain malicious code...

Malicious code in queue-firebase (npm)

The package queue-firebase was found to contain malicious code...

Malicious code in cordova-plugin-firebase-lovespace (npm)

The package cordova-plugin-firebase-lovespace was found to contain malicious code...

Malicious code in meissa-firebase-equinox-docusaurus (npm)

The package meissa-firebase-equinox-docusaurus was found to contain malicious code...

MAL-2025-17566 Malicious code in cordova-plugin-firebase-lovespace (npm)

The package cordova-plugin-firebase-lovespace was found to contain malicious code...

MAL-2025-17203 Malicious code in cluster-publish-firebase-module (npm)

The package cluster-publish-firebase-module was found to contain malicious code...

MAL-2025-20585 Malicious code in firebase-babel-apollo-dotenv-safe (npm)

The package firebase-babel-apollo-dotenv-safe was found to contain malicious code...

MAL-2025-18667 Malicious code in dotenv-safe-firebase-uninstall-innercore (npm)

The package dotenv-safe-firebase-uninstall-innercore was found to contain malicious code...

MAL-2025-27164 Malicious code in nebula-firebase-queue (npm)

The package nebula-firebase-queue was found to contain malicious code...

MAL-2025-25658 Malicious code in luminescence-hexo-firebase-kuiperbelt (npm)

The package luminescence-hexo-firebase-kuiperbelt was found to contain malicious code...

Malicious code in cluster-publish-firebase-module (npm)

The package cluster-publish-firebase-module was found to contain malicious code...

Malicious code in andromeda-child-process-local-firebase (npm)

The package andromeda-child-process-local-firebase was found to contain malicious code...

MAL-2025-20586 Malicious code in firebase-io-taurus-procyon (npm)

The package firebase-io-taurus-procyon was found to contain malicious code...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the HMAC and RSA key lengths used in the JSON Web Signature JWS implementation not meeting recommended security standards. Remediation Upgrade firebase/php-jwt to version 7.0.0 or higher. References...

CVE-2025-5924

The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpnbrodcastnotificationmessage function. This makes it possible for unauthenticated attacker...

CVE-2025-5924

The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpnbrodcastnotificationmessage function. This makes it possible for unauthenticated attacker...

CVE-2025-5924

CVE-2025-5924 concerns the WP Firebase Push Notification WordPress plugin (versions

CVE-2025-5924 WP Firebase Push Notification <= 1.2.0 - Cross-Site Request Forgery to Broadcast Notification

The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpnbrodcastnotificationmessage function. This makes it possible for unauthenticated attacker...

WordPress plugin WP Firebase Push Notification 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-27841 · WordPress · Wp Firebase Push Notification

Name of the Vulnerable Software and Affected Versions: WP Firebase Push Notification plugin for WordPress versions prior to 1.2.1 Description: The issue is due to missing or incorrect nonce validation on the wfpn brodcast notification message function, making it possible for unauthenticated...