VYPR

Webpushr Web Push Notifications

by WordPress

Source repositories

CVEs (7)

  • CVE-2025-32540HigApr 17, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications push-notification-by-feedify allows Reflected XSS.This issue affects Feedify – Web Push Notifications: from n/a through <= 2.4.5.

  • CVE-2024-34369HigMay 6, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0.

  • CVE-2026-24536MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.

  • CVE-2025-62869MedDec 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net – Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gravitec.net – Web Push…

  • CVE-2025-13950MedDec 15, 2025
    risk 0.27cvss 5.3epss 0.00

    The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST…

  • CVE-2023-5620Nov 27, 2023
    risk 0.00cvss epss 0.00

    The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.

  • CVE-2022-3610Nov 28, 2022
    risk 0.00cvss epss 0.01

    The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…