Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.6 views

CVE-2023-45274

Cross-Site Request Forgery CSRF vulnerability in SendPulse SendPulse Free Web Push plugin = 1.3.1 versions...

8.8CVSS7.1AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-49580

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/17 9:32 a.m.25 views

CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.2CVSS0.00442EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/17 9:32 a.m.12 views

CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.2CVSS6AI score0.00442EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.5 views

PT-2024-39475 · Sendpulse · Sendpulse Free Web Push

Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp kses allowed html function. This allows unauthenticated...

7.2CVSS6.5AI score0.00442EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/10/16 9:11 p.m.7 views

WordPress SendPulse Free Web Push plugin <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SendPulse Free Web Push versions = 1.3.6...

7.2CVSS5.7AI score0.00442EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/16 8:21 a.m.51 views

CVE-2023-45274

CVE-2023-45274 is a CSRF vulnerability in the WordPress plugin SendPulse Free Web Push for versions

8.8CVSS6.5AI score0.00214EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/16 8:21 a.m.11 views

CVE-2023-45274 WordPress SendPulse Free Web Push Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in SendPulse SendPulse Free Web Push plugin = 1.3.1 versions...

4.3CVSS8.8AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2019/08/30 2:15 p.m.14 views

CVE-2019-15827

The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter...

5.4CVSS5.4AI score0.01063EPSS
Exploits2References3
Rows per page
Query Builder