CVE-2023-5620
Webpushr < 4.35.0 - Unauthenticated Stored XSS
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
27 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.
Affected products
Unknown · Web Push Notifications