2242 matches found
CVE-2025-31561
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows SQL Injection.This issue affects Ultimate Push Notifications: from n/a through = 1.2.0...
CVE-2025-31548
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Reflected XSS.This issue affects Ultimate Push Notifications: from n/a through = 1.2.0...
CVE-2025-31561
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows SQL Injection.This issue affects Ultimate Push Notifications: from n/a through = 1.2.0...
CVE-2025-31548
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Reflected XSS.This issue affects Ultimate Push Notifications: from n/a through = 1.2.0...
CVE-2025-31561 WordPress Ultimate Push Notifications plugin <= 1.2.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows SQL Injection.This issue affects Ultimate Push Notifications: from n/a through = 1.2.0...
CVE-2025-31561 WordPress Ultimate Push Notifications plugin <= 1.1.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in M. Tuhin Ultimate Push Notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through 1.1.8...
CVE-2025-31548 WordPress Ultimate Push Notifications plugin <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8...
CVE-2025-31548 WordPress Ultimate Push Notifications plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Reflected XSS.This issue affects Ultimate Push Notifications: from n/a through = 1.2.0...
CVE-2025-31548
The CVE-2025-31548 entry affects Ultimate Push Notifications (WordPress) up to version 1.1.8, with a Reflected XSS vulnerability in input handling during web page generation. The vulnerability is described as XSS in the plugin, but exploitation status and a mitigation/fix are not provided in the ...
WordPress plugin Ultimate Push Notifications SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin Ultimate Push Notifications 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-14427 · Unknown · M. Tuhin Ultimate Push Notifications
Name of the Vulnerable Software and Affected Versions: M. Tuhin Ultimate Push Notifications versions n/a through 1.1.8 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
PT-2025-14421 · Unknown · M. Tuhin Ultimate Push Notifications
Name of the Vulnerable Software and Affected Versions: M. Tuhin Ultimate Push Notifications versions 1.1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This means an attack...
GHSA-FC83-9JWQ-GC2M Web Push Denial of Service via malicious Web Push endpoint
Prior to version 0.10.3, the built-in clients of the web-push crate eagerly allocated memory based on the Content-Length header returned by the Web Push endpoint. Malicious Web Push endpoints could return a large Content-Length without ever having to send as much data, leading to denial of servic...
Web Push Denial of Service via malicious Web Push endpoint
Prior to version 0.10.3, the built-in clients of the web-push crate eagerly allocated memory based on the Content-Length header returned by the Web Push endpoint. Malicious Web Push endpoints could return a large Content-Length without ever having to send as much data, leading to denial of servic...
CVE-2024-13877
The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13877 Passbeemedia Web Push Notifications <= 1.0.0 - Reflected XSS
The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13877 Passbeemedia Web Push Notifications <= 1.0.0 - Reflected XSS
The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
What Happens When Push Notifications Go Malicious?
A Storm of Scams Awaits!...
CVE-2025-25092
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...