VYPR

All Push Notification

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-32547HigApr 9, 2025
    risk 0.53cvss 8.2epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection.This issue affects All push notification for WP: from n/a through <= 1.5.3.

  • CVE-2025-25092HigMar 3, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through <= 1.5.3.

  • CVE-2026-0816MedFeb 4, 2026
    risk 0.32cvss 4.9epss 0.00

    The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'delete_id' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…