The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/a03330c2-3ae0-404d-a114-33b18cc47666 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-11-27T16:22:07.320Z
Updated: 2023-11-27T16:22:07.320Z
Reserved: 2023-10-17T18:32:57.635Z
Link: CVE-2023-5620
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-27T17:15:09.137
Modified: 2023-12-02T04:36:03.177
Link: CVE-2023-5620
JSON object: View
Redhat Information
No data.
CWE