259 matches found

RedhatCVE
added 2025/05/17 9:2 p.m. · 7 views

CVE-2024-6159

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 · AI score 7.3 · EPSS 0.02491
Exploits 1 · References 1

NVD
added 2025/05/16 4:15 p.m. · 9 views

CVE-2025-48127

Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through <= 2.0.3...

CVSS 6.5 · EPSS 0.00214
Exploits 0 · References 1

CVE
added 2025/05/16 3:45 p.m. · 24 views

CVE-2025-48127

CVE-2025-48127 is a Missing Authorization vulnerability in the WordPress plugin Push notification for Mobile and Web app, caused by misconfigured access control. Affected versions are listed as “from n/a through 2.0.3” (no public product/version details provided). The CVSS vector (AV:N/AC:L/PR:N...

CVSS 6.5 · AI score 7.2 · EPSS 0.00214
Exploits 0 · References 1

Patchstack
added 2025/05/16 10:26 a.m. · 4 views

WordPress Push notification for Mobile and Web app plugin <= 2.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin Push notification for Mobile and Web app versions <= 2.0.3...

CVSS 6.5 · AI score 8.3 · EPSS 0.00214
Exploits 0 · Affected Software 1

CNNVD
added 2025/05/16 12:0 a.m. · 1 view

WordPress plugin Push notification for Mobile and Web app security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.5 · AI score 6.9 · EPSS 0.00214
Exploits 0 · References 3

Positive Technologies
added 2025/05/16 12:0 a.m. · 3 views

PT-2025-21727 · Unknown · App Cheap Push Notification

Name of the Vulnerable Software and Affected Versions: App Cheap Push notification for Mobile and Web app versions n/a through 2.0.3 Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels...

CVSS 6.5 · AI score 7 · EPSS 0.00214
Exploits 0 · References 4

NVD
added 2025/05/15 8:15 p.m. · 7 views

CVE-2024-6159

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 · EPSS 0.02491
Exploits 1 · References 1

OSV
added 2025/05/15 8:15 p.m. · 3 views

CVE-2024-6159

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 · AI score 5.8 · EPSS 0.02491
Exploits 1 · References 1

Vulnrichment
added 2025/05/15 8:7 p.m. · 20 views

CVE-2024-6159 Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

AI score 10 · EPSS 0.02491
Exploits 1 · References 1

Cvelist
added 2025/05/15 8:7 p.m. · 11 views

CVE-2024-6159 Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

EPSS 0.02491
Exploits 1 · References 1

CVE
added 2025/05/15 8:7 p.m. · 69 views

CVE-2024-6159

The CVE-2024-6159 issue affects the WordPress plugin Push Notification for Post and BuddyPress, vulnerable in all versions prior to 1.9.4 (≤1.93). The root cause is insufficient escaping/sanitization of user-supplied parameters in an AJAX action accessible to unauthenticated users, enabling SQL i...

CVSS 9.8 · AI score 7.3 · EPSS 0.02491
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2025/05/15 12:0 a.m. · 2 views

WordPress plugin Push Notification for Post and BuddyPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 9.2 · EPSS 0.02491
Exploits 1 · References 1

OSV
added 2025/05/07 4:46 a.m. · 5 views

MAL-2025-3679 Malicious code in bitpay-push-notification-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff585151e0d20f0a3114337d0053b2fa14d0b74c758b8d3a60f9645028bba9f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 3

Citrix
added 2025/04/29 12:0 a.m. · 13 views

"Cannot Complete your request" during enumeration for DUO OAuth in 2 factor setup

Getting "Cannot complete your request" after Duo push is successfully sent. In the URL tab, we could see the client connection being pointed to storefront successfully...

AI score 7
Exploits 0

RedhatCVE
added 2025/04/25 5:52 p.m. · 4 views

CVE-2025-32546

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS. This issue affects All push notification for WP: from n/a through <= 1.5.3...

CVSS 7.1 · AI score 7.2 · EPSS 0.00127
Exploits 0 · References 1

NVD
added 2025/04/17 4:15 p.m. · 3 views

CVE-2025-32546

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS. This issue affects All push notification for WP: from n/a through <= 1.5.3...

CVSS 7.1 · EPSS 0.00127
Exploits 0 · References 1

CNNVD
added 2025/04/17 12:0 a.m. · 2 views

WordPress plugin All push notification for WP cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 7.1 · AI score 7.1 · EPSS 0.00127
Exploits 0 · References 1

RedhatCVE
added 2025/04/11 5:29 p.m. · 4 views

CVE-2025-32547

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through <= 1.5.3...

CVSS 8.2 · AI score 7.3 · EPSS 0.00187
Exploits 0 · References 1

NVD
added 2025/04/09 5:15 p.m. · 5 views

CVE-2025-32547

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through <= 1.5.3...

CVSS 8.2 · EPSS 0.00187
Exploits 0 · References 1

Positive Technologies
added 2025/04/09 12:0 a.m. · 2 views

PT-2025-15786 · WordPress · Push Notification For Wp

Name of the Vulnerable Software and Affected Versions: All push notification for WP versions 1.5.3 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Blind SQL Injection. This means an attacker could potentially force a user to perfor...

CVSS 8.2 · AI score 8.9 · EPSS 0.00187
Exploits 0 · References 4