← back
CVE-2023-5620

Webpushr < 4.35.0 - Unauthenticated Stored XSS

EPSS 0.4%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.