9 matches found
CVE-2023-45274
Cross-Site Request Forgery CSRF vulnerability in SendPulse SendPulse Free Web Push plugin = 1.3.1 versions...
EUVD-2023-49580
Malicious code in bioql PyPI...
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
PT-2024-39475 · Sendpulse · Sendpulse Free Web Push
Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp kses allowed html function. This allows unauthenticated...
WordPress SendPulse Free Web Push plugin <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SendPulse Free Web Push versions = 1.3.6...
CVE-2023-45274
CVE-2023-45274 is a CSRF vulnerability in the WordPress plugin SendPulse Free Web Push for versions
CVE-2023-45274 WordPress SendPulse Free Web Push Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in SendPulse SendPulse Free Web Push plugin = 1.3.1 versions...
CVE-2019-15827
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter...