Pushengage Web Push Notifications Ecommerce Automation Amp Chat Widget
Monthly
Sensitive data exposure in the PushEngage WordPress plugin (versions <= 4.2.3) allows authenticated low-privileged users to access subscriber information that should remain protected. The flaw, reported by Patchstack and tracked as CWE-201 (Insertion of Sensitive Information Into Sent Data), affects WordPress sites running the Web Push Notifications, eCommerce Automation & Chat Widget plugin and carries a CVSS 3.1 score of 7.4 with a scope change. No public exploit identified at time of analysis.
Sensitive data exposure in the PushEngage WordPress plugin (versions <= 4.2.3) allows authenticated low-privileged users to access subscriber information that should remain protected. The flaw, reported by Patchstack and tracked as CWE-201 (Insertion of Sensitive Information Into Sent Data), affects WordPress sites running the Web Push Notifications, eCommerce Automation & Chat Widget plugin and carries a CVSS 3.1 score of 7.4 with a scope change. No public exploit identified at time of analysis.