WordPress Plugin Vulnerabilities

OneSignal Web Push Notifications - Stored XSS

Description

The OneSignal – Web Push Notifications WordPress plugin was affected by a Stored XSS security vulnerability.

Affects Plugins

Plugin icon
onesignal-free-web-push-notifications
Fixed in 1.17.8

References

CVE
CVE-2019-15827
Exploitdb
47136
URL
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5530.php

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Verified
Yes
WPVDB ID
aee947ef-17bf-4db5-9eef-467c98a6f047

Timeline

Publicly Published
2019-07-18 (about 6 years ago)
Added
2019-07-25 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-01-27
Title
AI ChatBot < 4.3.1 - Admin+ Stored XSS
Published
2023-04-24
Title
Recipe Maker For Your Food Blog from Zip Recipes < 8.0.7 - Reflected XSS
Published
2016-08-02
Title
WangGuard <= 1.7.1 - Cross-Site Scripting (XSS)
Published
2026-01-17
Title
Wpresidence Core <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-16
Title
Feedburner Optin Form <= 0.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting