VYPR

Onesignal Wordpress Plugin

by OneSignal

Source repositories

CVEs (1)

  • CVE-2025-13950MedDec 15, 2025
    risk 0.27cvss 5.3epss 0.00

    The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST…