Wp Firebase Push Notification

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-5924 MEDIUM This Month

The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This makes it possible for unauthenticated attackers to send broadcast notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

WordPress CSRF Wp Firebase Push Notification PHP

NVD

CVSS 3.1

4.3

EPSS

0.0%

CVE-2025-5924

EPSS 0% CVSS 4.3

MEDIUM This Month

The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This makes it possible for unauthenticated attackers to send broadcast notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

WordPress CSRF Wp Firebase Push Notification +1

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy