Filtered by vendor Sendpulse Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-45274 1 Sendpulse 1 Free Web Push 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.
CVE-2024-9184 1 Sendpulse 1 Free Web Push 2024-10-18 7.2 High
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.