3 matches found
CVE-2024-12407
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-12407
creationtimestamp| type| source ---|---|--- 2025-01-11 07:42:51+00:00| seen| https://infosec.exchange/users/cve/statuses/113808596752364339 2025-01-11 08:03:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/1278 2025-01-11 08:15:59+00:00| seen|...
CVE-2024-12407 Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...