CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5620 – Webpushr < 4.35.0 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2023-5620
06 Nov 2023 — The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. El complemento Web Push Notifications de WordPress anterior a 4.35.0 no impide que los visitantes del sitio cambien algunas de las opciones del complemento, algunas de las cuales pueden usarse para realizar ataques XSS Almacenados. The Web Push Notifications – Webpushr plugin for WordPress is vulnerable to unauthori... • https://wpscan.com/vulnerability/a03330c2-3ae0-404d-a114-33b18cc47666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35041 – WordPress Webpushr Plugin <= 4.34.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-35041
19 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin <= 4.34.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) que conduce a Local File Inclusion (LF) en Webpushr Web Push Notifications Web Push Notifications: complemento Webpushr en versiones <= 4.34.0. The Webpushr plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.34.0. This is due ... • https://patchstack.com/database/vulnerability/webpushr-web-push-notifications/wordpress-web-push-notifications-webpushr-plugin-4-34-0-csrf-leading-to-lfi-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38352 – Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38352
09 Sep 2021 — The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. El plugin Feedify - Web Push Notifications de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro feedify_msg encontrado en el archivo ~/includes/base.php que permite a atacantes inyectar scripts web... • https://plugins.trac.wordpress.org/browser/push-notification-by-feedify/tags/2.1.1/includes/base.php#L199 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •