Lucene search
+L

56 matches found

prion
prion
added 2023/11/27 5:15 p.m.18 views

Cross site scripting

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks...

4.9CVSS5.8AI score0.00426EPSS
Exploits2References1Affected Software1
cve
cve
added 2023/11/27 4:22 p.m.67 views

CVE-2023-5620

CVE-2023-5620 concerns Web Push Notifications (Webpushr) for WordPress, pre-4.35.0. The vulnerability is an unauthenticated Stored XSS due to insufficient protection when visitors can alter plugin settings, enabling an attacker to inject scripts via settings like price_drop_icon. The Red Hat/patc...

5.4CVSS5.6AI score0.00426EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2023/11/27 4:22 p.m.32 views

CVE-2023-5620 Webpushr < 4.35.0 - Unauthenticated Stored XSS

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks...

5.4AI score0.00426EPSS
Exploits2References1
osv
osv
added 2023/11/13 3:15 a.m.5 views

CVE-2023-35041

Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...

8.8CVSS7.3AI score0.00316EPSS
Exploits0References1
prion
prion
added 2023/11/13 3:15 a.m.18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...

6.8CVSS7.2AI score0.00316EPSS
Exploits0References1Affected Software1
cve
cve
added 2023/11/13 2:12 a.m.53 views

CVE-2023-35041

CVE-2023-35041 affects the WordPress plugin Webpushr Web Push Notifications (Webpushr) version

8.8CVSS8.8AI score0.00316EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2023/11/13 12:0 a.m.6 views

WordPress Plugin Web Push Notifications - Webpushr Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS6.5AI score0.00316EPSS
Exploits0References2
patchstack
patchstack
added 2023/04/19 12:0 a.m.11 views

WordPress Subscribers – Free Web Push Notifications Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Subscribers – Free Web Push Notifications Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22684 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 892cf19e4971 Credi...

5.9CVSS6AI score0.00369EPSS
Exploits0References2Affected Software1
prion
prion
added 2021/09/10 2:15 p.m.14 views

Cross site scripting

The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedifymsg parameter found in the /includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8...

4.3CVSS6.1AI score0.00895EPSS
Exploits1References2Affected Software1
cve
cve
added 2021/09/10 1:33 p.m.46 views

CVE-2021-38352

The CVE-2021-38352 entry concerns the WordPress plugin Feedify – Web Push Notifications . The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw triggered via the feedify_msg parameter in the file includes/base.php , affecting versions up to and including 2.1.8 . Successful exploitation...

6.1CVSS6AI score0.00895EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2021/09/10 1:33 p.m.4 views

CVE-2021-38352 Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting

The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedifymsg parameter found in the /includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8...

6.1CVSS6.4AI score0.00895EPSS
Exploits1References2
cnnvd
cnnvd
added 2021/09/10 12:0 a.m.6 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

6.1CVSS6.1AI score0.00895EPSS
Exploits1References4
malwarebytes
malwarebytes
added 2020/12/29 4:5 p.m.52 views

SearchDimension search hijackers: An overview of developments

Background information on SearchDimension SearchDimension is the name of a family of browser hijackers that makes money from ad clicks and search engine revenues. The family was named after the domain searchdimension.com that popped up in 2017, and they still sometimes use the letter combo SD in...

0.9AI score
Exploits0
malwarebytes
malwarebytes
added 2020/12/04 4:30 p.m.38 views

File-sharing and cloud storage sites: How safe are they?

There it is again—that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis—and those of us that want to attach files that could get picked up by anti-malware scanners along the...

7AI score
Exploits0
nvd
nvd
added 2019/08/30 2:15 p.m.17 views

CVE-2019-15827

The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter...

5.4CVSS5.4AI score0.01063EPSS
Exploits2References3
zdt
zdt
added 2019/07/18 12:0 a.m.37 views

WordPress OneSignal 1.17.5 Plugin (subdomain) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link: https://wordpress.org/plugins/onesignal-free-web-push-notifications/ Affected version...

7.1AI score
Exploits0
Rows per page
Query Builder