CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34369 – WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34369
03 May 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Webpushr Web Push Notifications Webpushr permite Reflected XSS. Este problema afecta a Webpushr: desde n/a hasta 4.35.0. The Web Push Notifications – Webpushr plugin for W... • https://patchstack.com/database/vulnerability/webpushr-web-push-notifications/wordpress-web-push-notifications-webpushr-plugin-4-35-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5620 – Webpushr < 4.35.0 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2023-5620
06 Nov 2023 — The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. El complemento Web Push Notifications de WordPress anterior a 4.35.0 no impide que los visitantes del sitio cambien algunas de las opciones del complemento, algunas de las cuales pueden usarse para realizar ataques XSS Almacenados. The Web Push Notifications – Webpushr plugin for WordPress is vulnerable to unauthori... • https://wpscan.com/vulnerability/a03330c2-3ae0-404d-a114-33b18cc47666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35041 – WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35041
19 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin <= 4.34.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) que conduce a Local File Inclusion (LF) en Webpushr Web Push Notifications Web Push Notifications: complemento Webpushr en versiones <= 4.34.0. The Webpushr plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.34.0. This is due ... • https://patchstack.com/database/vulnerability/webpushr-web-push-notifications/wordpress-web-push-notifications-webpushr-plugin-4-34-0-csrf-leading-to-lfi-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •