Lucene search
K

259 matches found

Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.5 views

PT-2025-15786 · WordPress · Push Notification For Wp

Name of the Vulnerable Software and Affected Versions: All push notification for WP versions 1.5.3 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Blind SQL Injection. This means an attacker could potentially force a user to perfor...

8.2CVSS8.9AI score0.00205EPSS
Exploits0References4
HackRead
HackRead
added 2025/03/08 1:15 p.m.9 views

What Happens When Push Notifications Go Malicious?

A Storm of Scams Awaits!...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/05 3:34 p.m.7 views

CVE-2025-25092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...

7.1CVSS7.2AI score0.00352EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/04 1:22 a.m.4 views

WordPress Passbeemedia Web Push Notification plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Passbeemedia Web Push Notification versions = 1.0.0...

7.1CVSS6.4AI score0.00255EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/03/03 2:15 p.m.6 views

CVE-2025-25092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...

7.1CVSS0.00352EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 1:30 p.m.43 views

CVE-2025-25092

CVE-2025-25092 is a reflected XSS in the WordPress plugin “All push notification for WP” (affecting versions up to 1.5.3). The issue arises from improper input neutralization during web-page generation, enabling reflected malicious input to be executed in a victim’s browser. Reported CVSSv3.1 bas...

7.1CVSS7.2AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 1:30 p.m.15 views

CVE-2025-25092 WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...

7.1CVSS0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.3 views

WordPress plugin All push notification for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS8.2AI score0.00352EPSS
Exploits0References3
NVD
NVD
added 2025/02/14 1:15 p.m.16 views

CVE-2025-23771

Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through = 2.11...

6.5CVSS0.00373EPSS
Exploits0References1
CVE
CVE
added 2025/02/14 12:44 p.m.50 views

CVE-2025-23771

CVE-2025-23771 describes a Missing Authorization vulnerability in the WordPress plugin Push Notification for Post and BuddyPress (Murali Push Notification for Post and BuddyPress). Affected versions are from n/a through 2.11. The issue stems from incorrectly configured access control levels, enab...

6.5CVSS7.2AI score0.00373EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/14 12:44 p.m.5 views

CVE-2025-23771 WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability

Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through = 2.11...

6.5CVSS7.2AI score0.00373EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.4 views

WordPress plugin Push Notification for Post and BuddyPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS8.2AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2025/02/04 7:19 a.m.61 views

CVE-2025-20899

CVE-2025-20899 concerns an improper access control flaw in Samsung’s PushNotification component. Affected: PushNotification prior to 13.0.00.15 on Android 12, prior to 14.0.00.7 on Android 13, and prior to 15.1.00.5 on Android 14. The root cause is access-control weaknesses that could allow a loc...

4CVSS6.8AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/04 12:0 a.m.5 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices, which stems from an improper access control issue contained in PushNotification...

4CVSS6.6AI score0.00143EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/03 4:12 p.m.5 views

WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin All push notification for WP versions = 1.5.3...

7.1CVSS6.1AI score0.00352EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.3 views

WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability

Settings Change vulnerability discovered by Mika in WordPress Plugin Push Notification for Post and BuddyPress versions = 2.11...

6.5CVSS7AI score0.00373EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/11 7:21 a.m.5 views

CVE-2024-12407 Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting

The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

6.1CVSS7.4AI score0.00342EPSS
Exploits0References3
CVE
CVE
added 2025/01/11 7:21 a.m.37 views

CVE-2024-12407

CVE-2024-12407 affects the Push Notification for Post and BuddyPress WordPress plugin. It enables a reflected XSS via the pushnotificationid parameter in versions up to and including 2.06, exploitable by unauthenticated attackers who lure a user to perform an action. Impact is described as client...

6.1CVSS7.4AI score0.00342EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/11 12:0 a.m.3 views

PT-2025-1834 · WordPress · Push Notification For Post/Buddypress

Name of the Vulnerable Software and Affected Versions: Push Notification for Post and BuddyPress plugin for WordPress versions up to, and including, 2.06 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows...

6.1CVSS6.8AI score0.00342EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/11 12:0 a.m.2 views

WordPress plugin Push Notification for Post and BuddyPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS7.6AI score0.00342EPSS
Exploits0References2
Rows per page
Query Builder