34 matches found
WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Webpushr versions = 4.35.0...
WordPress Webpushr Plugin <= 4.35.0 is vulnerable to Cross Site Scripting (XSS)
Software Webpushr Type Plugin Vulnerable versions = 4.35.0 Fixed in 4.36.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34369 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 03353ed1ddab Credits Dimas Maulana Required privilege...
Webpushr < 4.35.0 - LFI via CSRF
Description The plugin does not have CSRF check in its wppsavesettings function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF...
CVE-2023-35041
Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...
CVE-2023-35041
Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...
CVE-2023-35041 WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...
CVE-2023-35041
CVE-2023-35041 affects the WordPress plugin Webpushr Web Push Notifications (Webpushr) version
CVE-2023-35041 WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...
WordPress Plugin Web Push Notifications - Webpushr Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Webpushr Plugin < 4.35.0 is vulnerable to Cross Site Scripting (XSS)
Software Webpushr Type Plugin Vulnerable versions 4.35.0 Fixed in 4.35.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5620 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 15644fc2ddd3 Credits Krzysztof Zając Required...
Webpushr < 4.35.0 - Unauthenticated Stored XSS
Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. PoC 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the...
Webpushr < 4.35.0 - Unauthenticated Stored XSS
Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the following...
WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Webpushr Type Plugin Vulnerable versions = 4.34.0 Fixed in 4.35.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35041 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5f64981a29ac Credits Theodoros Malachias...