129 matches found
CVE-2025-23720
CVE-2025-23720 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Web Push (web-push) plugin by Marco Castelluccio that can lead to stored XSS. The provided sources confirm the issue arises in Web Push and can result in stored XSS, affecting versions up to and including ...
CVE-2025-23720 WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through = 1.4.0...
WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Web Push versions = 1.4.0...
PT-2025-5048 · Mozilla · Web-Push
Name of the Vulnerable Software and Affected Versions: Mozilla Web Push versions n/a through 1.4.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability in Mozilla Web Push, which allows Stored XSS. Recommendations: For Mozilla Web Push versions n/a through 1.4.0,...
WordPress plugin Web Push 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...
CVE-2024-11811
The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'storeurl' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-11811 Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting
The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'storeurl' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-11811
The CVE CVE-2024-11811 affects the Feedify – Web Push Notifications WordPress plugin. It allows Reflected Cross-Site Scripting via parameters platform, phone, email, and store_url in all versions up to 2.4.2 due to insufficient input sanitization and output escaping. The vulnerability enables una...
WordPress Feedify – Web Push Notifications plugin <= 2.4.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Feedify – Web Push Notifications versions = 2.4.2...
WordPress plugin Feedify – Web Push Notifications 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
CVE-2024-54386 WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
CVE-2024-54386 WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
PT-2024-36272 · Unknown · Push Monkey Pro – Web Push Notifications +1
Name of the Vulnerable Software and Affected Versions: Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart versions n/a through 3.9 Description: The issue is a Cross-Site Request Forgery CSRF problem, which allows for Cross Site Request Forgery. This means an attacker can tric...
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2024-9184 SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wpksesallowedhtml function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
PT-2024-39475 · Sendpulse · Sendpulse Free Web Push
Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp kses allowed html function. This allows unauthenticated...
WordPress SendPulse Free Web Push plugin <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SendPulse Free Web Push versions = 1.3.6...
WordPress SendPulse Free Web Push Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software SendPulse Free Web Push Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9184 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54dee5d0997d Credits Francesco...
CVE-2024-34369 WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0...
CVE-2023-5620
The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks...