4 matches found
CVE-2023-5620
The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks...
CVE-2023-5620
CVE-2023-5620 concerns Web Push Notifications (Webpushr) for WordPress, pre-4.35.0. The vulnerability is an unauthenticated Stored XSS due to insufficient protection when visitors can alter plugin settings, enabling an attacker to inject scripts via settings like price_drop_icon. The Red Hat/patc...
CVE-2023-5620 Webpushr < 4.35.0 - Unauthenticated Stored XSS
The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks...
WordPress Webpushr Plugin < 4.35.0 is vulnerable to Cross Site Scripting (XSS)
Software Webpushr Type Plugin Vulnerable versions 4.35.0 Fixed in 4.35.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5620 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 15644fc2ddd3 Credits Krzysztof Zając Required...