Lucene search
K

34 matches found

Patchstack
Patchstack
added 2024/05/03 11:14 a.m.5 views

WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Webpushr versions = 4.35.0...

7.1CVSS6.1AI score0.00356EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/05/03 12:0 a.m.8 views

WordPress Webpushr Plugin <= 4.35.0 is vulnerable to Cross Site Scripting (XSS)

Software Webpushr Type Plugin Vulnerable versions = 4.35.0 Fixed in 4.36.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34369 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 03353ed1ddab Credits Dimas Maulana Required privilege...

7.1CVSS6.5AI score0.00356EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/14 12:0 a.m.20 views

Webpushr < 4.35.0 - LFI via CSRF

Description The plugin does not have CSRF check in its wppsavesettings function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF...

8.8CVSS7AI score0.00316EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/11/13 3:15 a.m.5 views

CVE-2023-35041

Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...

8.8CVSS7.3AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 2023/11/13 3:15 a.m.17 views

CVE-2023-35041

Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...

8.8CVSS0.00316EPSS
Exploits0References1
Prion
Prion
added 2023/11/13 3:15 a.m.18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...

6.8CVSS7.2AI score0.00316EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/13 2:12 a.m.10 views

CVE-2023-35041 WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...

8.8CVSS7.3AI score0.00316EPSS
Exploits0References1
CVE
CVE
added 2023/11/13 2:12 a.m.53 views

CVE-2023-35041

CVE-2023-35041 affects the WordPress plugin Webpushr Web Push Notifications (Webpushr) version

8.8CVSS8.8AI score0.00316EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/13 2:12 a.m.25 views

CVE-2023-35041 WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...

8.8CVSS9AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/13 12:0 a.m.6 views

WordPress Plugin Web Push Notifications - Webpushr Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS6.5AI score0.00316EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/11/08 12:0 a.m.12 views

WordPress Webpushr Plugin < 4.35.0 is vulnerable to Cross Site Scripting (XSS)

Software Webpushr Type Plugin Vulnerable versions 4.35.0 Fixed in 4.35.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5620 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 15644fc2ddd3 Credits Krzysztof Zając Required...

5.4CVSS5.6AI score0.00426EPSS
Exploits2References4Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.15 views

Webpushr < 4.35.0 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. PoC 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the...

5.4CVSS5.6AI score0.00426EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.236 views

Webpushr < 4.35.0 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the following...

5.4CVSS5.8AI score0.00426EPSS
Exploits2
Patchstack
Patchstack
added 2023/10/19 12:0 a.m.9 views

WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Webpushr Type Plugin Vulnerable versions = 4.34.0 Fixed in 4.35.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35041 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5f64981a29ac Credits Theodoros Malachias...

8.8CVSS6.6AI score0.00316EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder