Lucene search
K

129 matches found

CVE
CVE
added 2025/01/16 8:6 p.m.54 views

CVE-2025-23720

CVE-2025-23720 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Web Push (web-push) plugin by Marco Castelluccio that can lead to stored XSS. The provided sources confirm the issue arises in Web Push and can result in stored XSS, affecting versions up to and including ...

7.1CVSS7.2AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/16 8:6 p.m.9 views

CVE-2025-23720 WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through = 1.4.0...

7.1CVSS7.2AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.3 views

WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Web Push versions = 1.4.0...

7.1CVSS6.2AI score0.0018EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.9 views

PT-2025-5048 · Mozilla · Web-Push

Name of the Vulnerable Software and Affected Versions: Mozilla Web Push versions n/a through 1.4.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability in Mozilla Web Push, which allows Stored XSS. Recommendations: For Mozilla Web Push versions n/a through 1.4.0,...

7.1CVSS9.3AI score0.0018EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.5 views

WordPress plugin Web Push 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

7.1CVSS8.2AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2024/12/20 11:15 p.m.11 views

CVE-2024-11811

The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'storeurl' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/20 10:23 p.m.17 views

CVE-2024-11811 Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting

The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'storeurl' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS0.00352EPSS
Exploits0References2
CVE
CVE
added 2024/12/20 10:23 p.m.48 views

CVE-2024-11811

The CVE CVE-2024-11811 affects the Feedify – Web Push Notifications WordPress plugin. It allows Reflected Cross-Site Scripting via parameters platform, phone, email, and store_url in all versions up to 2.4.2 due to insufficient input sanitization and output escaping. The vulnerability enables una...

6.1CVSS6AI score0.00352EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/20 8:18 p.m.4 views

WordPress Feedify – Web Push Notifications plugin <= 2.4.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Feedify – Web Push Notifications versions = 2.4.2...

6.1CVSS6.3AI score0.00352EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/20 12:0 a.m.3 views

WordPress plugin Feedify – Web Push Notifications 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

6.1CVSS7.7AI score0.00352EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/16 2:14 p.m.9 views

CVE-2024-54386 WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...

7.1CVSS7.2AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/16 2:14 p.m.19 views

CVE-2024-54386 WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...

7.1CVSS0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.6 views

PT-2024-36272 · Unknown · Push Monkey Pro – Web Push Notifications +1

Name of the Vulnerable Software and Affected Versions: Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart versions n/a through 3.9 Description: The issue is a Cross-Site Request Forgery CSRF problem, which allows for Cross Site Request Forgery. This means an attacker can tric...

7.1CVSS7AI score0.00206EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/17 9:32 a.m.28 views

CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.2CVSS0.00442EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/17 9:32 a.m.12 views

CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.2CVSS6AI score0.00442EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.5 views

PT-2024-39475 · Sendpulse · Sendpulse Free Web Push

Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp kses allowed html function. This allows unauthenticated...

7.2CVSS6.5AI score0.00442EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/10/16 9:11 p.m.7 views

WordPress SendPulse Free Web Push plugin <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SendPulse Free Web Push versions = 1.3.6...

7.2CVSS5.7AI score0.00442EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/16 12:0 a.m.15 views

WordPress SendPulse Free Web Push Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software SendPulse Free Web Push Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9184 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54dee5d0997d Credits Francesco...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/06 6:32 p.m.16 views

CVE-2024-34369 WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0...

7.1CVSS6.9AI score0.00356EPSS
Exploits0References1
NVD
NVD
added 2023/11/27 5:15 p.m.30 views

CVE-2023-5620

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks...

5.4CVSS0.00426EPSS
Exploits2References1
Rows per page
Query Builder