CVE-2019-15827

CVE-2019-15827

EPSS 1.1%

The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wordpress.org/plugins/onesignal-free-web-push-notifications/#developers https://wpvulndb.com/vulnerabilities/9478 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5530.php