VYPR

Push Notification For Post And Buddypress

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-6159CriMay 15, 2025
    risk 0.64cvss 9.8epss 0.02

    The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

  • CVE-2025-23771MedFeb 14, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a…

  • CVE-2024-12407MedJan 11, 2025
    risk 0.40cvss 6.1epss 0.00

    The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible…