259 matches found
PT-2025-15786 · WordPress · Push Notification For Wp
Name of the Vulnerable Software and Affected Versions: All push notification for WP versions 1.5.3 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Blind SQL Injection. This means an attacker could potentially force a user to perfor...
What Happens When Push Notifications Go Malicious?
A Storm of Scams Awaits!...
CVE-2025-25092
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...
WordPress Passbeemedia Web Push Notification plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Passbeemedia Web Push Notification versions = 1.0.0...
CVE-2025-25092
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...
CVE-2025-25092
CVE-2025-25092 is a reflected XSS in the WordPress plugin “All push notification for WP” (affecting versions up to 1.5.3). The issue arises from improper input neutralization during web-page generation, enabling reflected malicious input to be executed in a victim’s browser. Reported CVSSv3.1 bas...
CVE-2025-25092 WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...
WordPress plugin All push notification for WP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-23771
Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through = 2.11...
CVE-2025-23771
CVE-2025-23771 describes a Missing Authorization vulnerability in the WordPress plugin Push Notification for Post and BuddyPress (Murali Push Notification for Post and BuddyPress). Affected versions are from n/a through 2.11. The issue stems from incorrectly configured access control levels, enab...
CVE-2025-23771 WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability
Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through = 2.11...
WordPress plugin Push Notification for Post and BuddyPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-20899
CVE-2025-20899 concerns an improper access control flaw in Samsung’s PushNotification component. Affected: PushNotification prior to 13.0.00.15 on Android 12, prior to 14.0.00.7 on Android 13, and prior to 15.1.00.5 on Android 14. The root cause is access-control weaknesses that could allow a loc...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices, which stems from an improper access control issue contained in PushNotification...
WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin All push notification for WP versions = 1.5.3...
WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability
Settings Change vulnerability discovered by Mika in WordPress Plugin Push Notification for Post and BuddyPress versions = 2.11...
CVE-2024-12407 Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-12407
CVE-2024-12407 affects the Push Notification for Post and BuddyPress WordPress plugin. It enables a reflected XSS via the pushnotificationid parameter in versions up to and including 2.06, exploitable by unauthenticated attackers who lure a user to perform an action. Impact is described as client...
PT-2025-1834 · WordPress · Push Notification For Post/Buddypress
Name of the Vulnerable Software and Affected Versions: Push Notification for Post and BuddyPress plugin for WordPress versions up to, and including, 2.06 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows...
WordPress plugin Push Notification for Post and BuddyPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...