Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical0
High1
Medium4
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2025-12-15

CVE-2025-13950 - Web Push Notifications Plugin

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying user capabilities or nonces. This makes it possible for unauthenticated attackers to overwrite the OneSignal App ID, REST API key, and notification behavior via direct POST requests.

PLUGIN Web Push Notifications

CVE-2025-13950

MEDIUM CVSS 5.3 2025-12-15
Open Full Technical Breakdown
Threat Entry Updated 2025-04-30

CVE-2024-13874 - Web Push Notifications Plugin

The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Web Push Notifications

CVE-2024-13874

HIGH CVSS 7.1 2025-04-10
Open Full Technical Breakdown
Threat Entry Updated 2024-12-20

CVE-2024-11811 - Web Push Notifications Plugin

The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Web Push Notifications

CVE-2024-11811

MEDIUM CVSS 6.1 2024-12-20
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-5620 - Web Push Notifications Plugin

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.

PLUGIN Web Push Notifications

CVE-2023-5620

MEDIUM CVSS 5.4 2023-11-27
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-38352 - Web Push Notifications Plugin

The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.

PLUGIN Web Push Notifications

CVE-2021-38352

MEDIUM CVSS 6.1 2021-09-10
Open Full Technical Breakdown
Scroll to top