Onesignal Free Web Push Notifications
1 CVEs
product
Monthly
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
WordPress
Onesignal Free Web Push Notifications
NVD
CVSS 3.0
5.4
EPSS
1.1%
EPSS 1%
CVSS 5.4
MEDIUM
POC
This Month
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
WordPress
Onesignal Free Web Push Notifications
NVD