Lucene search
+L

4 matches found

nvd
nvd
added 2023/11/27 5:15 p.m.30 views

CVE-2023-5620

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks...

5.4CVSS0.00426EPSS
Exploits2References1
cve
cve
added 2023/11/27 4:22 p.m.67 views

CVE-2023-5620

CVE-2023-5620 concerns Web Push Notifications (Webpushr) for WordPress, pre-4.35.0. The vulnerability is an unauthenticated Stored XSS due to insufficient protection when visitors can alter plugin settings, enabling an attacker to inject scripts via settings like price_drop_icon. The Red Hat/patc...

5.4CVSS5.6AI score0.00426EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2023/11/27 4:22 p.m.31 views

CVE-2023-5620 Webpushr < 4.35.0 - Unauthenticated Stored XSS

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks...

5.4AI score0.00426EPSS
Exploits2References1
patchstack
patchstack
added 2023/11/08 12:0 a.m.14 views

WordPress Webpushr Plugin < 4.35.0 is vulnerable to Cross Site Scripting (XSS)

Software Webpushr Type Plugin Vulnerable versions 4.35.0 Fixed in 4.35.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5620 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 15644fc2ddd3 Credits Krzysztof Zając Required...

5.4CVSS5.6AI score0.00426EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder