Vulnerabilities > CVE-2023-0644 - Unspecified vulnerability in Pushassist Push Notifications

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

pushassist

NVD

Published: 2023-05-15

Updated: 2023-11-07

Summary

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Vulnerable Configurations

Part	Description	Count
Application	Pushassist Pushassist Push Notifications *	1

References

https://wpscan.com/vulnerability/08f5089c-36f3-4d12-bca5-99cd3ae78f67