Sendpulse Web Push
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-9184 | Hig | 0.40 | 7.2 | 0.00 | Oct 17, 2024 | The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web… | ||
| CVE-2023-45274 | Med | 0.28 | 4.3 | 0.00 | Oct 16, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions. |
- risk 0.40cvss 7.2epss 0.00
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.