CVE-2023-5620

Published: Nov 27, 2023Modified: Jun 17, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.

Affected (1)

Products: Webpushr: Web Push Notifications

Webpushr

1 product

Web Push Notifications

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webpushr Web Push Notifications	Before 4.35.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://wpscan.com/vulnerability/a03330c2-3ae0-404d-a114-33b18cc47666

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/a03330c2-3ae0-404d-a114-33b18cc47666

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.