CVE-2024-9184
Published
CVSS v3: 7.2 HIGH
CVSS v2: N/A
Affected: 1 project
Description
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
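The description names the function but does not show the affected code. The sketch below is an added example, not the plugin's code: it assumes one common form of this mistake (widening the allowlist through the global `wp_kses_allowed_html` filter) and sets it beside a scoped alternative. Every `example_*` function, option and nonce name is hypothetical.

```php
<?php
// Added illustration for a WordPress plugin file. Not SendPulse's code;
// every example_* name is hypothetical.

// WEAK (assumed pattern): widening the allowlist through the global
// 'wp_kses_allowed_html' filter. The filter runs for every wp_kses()
// context, so <script> is then also kept in visitor-submitted content
// such as comments, which needs no account.
function example_allow_script_everywhere( $tags, $context ) {
	$tags['script'] = array( 'src' => true, 'async' => true );
	return $tags;
}
// add_filter( 'wp_kses_allowed_html', 'example_allow_script_everywhere', 10, 2 );

// HARDENED: leave the global allowlist untouched and pass a private one
// explicitly to wp_kses(), only for the one setting that needs it.
function example_snippet_allowlist() {
	return array(
		'script' => array( 'src' => true, 'async' => true ),
	);
}

// Save handler: only users who may already post raw HTML can store the
// snippet, and the request must carry a valid nonce.
function example_save_snippet( $raw ) {
	if ( ! current_user_can( 'unfiltered_html' ) ) {
		return false;
	}
	check_admin_referer( 'example_save_snippet' );
	$clean = wp_kses( wp_unslash( $raw ), example_snippet_allowlist() );
	return update_option( 'example_push_snippet', $clean );
}

// Render: filter again on output so a value written by another path
// (import, direct DB edit) is still held to the same allowlist.
function example_print_snippet() {
	$stored = get_option( 'example_push_snippet', '' );
	echo wp_kses( $stored, example_snippet_allowlist() );
}
add_action( 'wp_head', 'example_print_snippet' );
```

When reviewing a plugin for this class of bug, search for callbacks registered on `wp_kses_allowed_html` and check whether they add `script`, `iframe` or event-handler attributes without testing the `$context` argument.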
<p>SendPulse Web Push is a WordPress plugin that allows you to send <a href="https://sendpulse.com/features/webpush" rel="nofollow ugc">web push</a> campaigns.</p>
<p>Web push notifications are instant notifications sent to subscribers’ devices. They allow you to quickly inform your customers about recent news, sales, order statuses, or other important events.</p>
<p>Your site visitors can sign up to receive notifications about your new posts or important events.</p>
<h4>FEATURES</h4>
<ol>
<li>Browsers supported: Chrome (Desktop & Android), Firefox (Desktop), and Opera (Desktop) on both HTTP and HTTPS sites.</li>
<li>Offline notifications: Users will see your notification as soon as they go online.</li>
<li>Personalization and segmentation: Your site visitors can receive personalized notifications. Segment your web push campaigns based on users’ location or other details.</li>
<li>A/B Testing: Maximize your web push campaigns’ CTR by split-testing them.</li>
<li>Trigger messages and bulk messages: Send web push notifications via your personal account, or create automated campaigns triggered by certain events.</li>
<li>Real Time Stats: Monitor your open rate, click-through rate, subscription rate, and more.</li>
<li>
<p>Developer API: Use SendPulse’s API to send web push notifications, emails, and SMS messages via a single platform.</p>
<p>Send an unlimited number of web push notifications to 10,000 subscribers for free. <a href="https://sendpulse.com/knowledge-base/push-notifications/rss-campaign" rel="nofollow ugc">With RSS</a>, your subscribers will receive notifications as soon as a new post is published on your WordPress site.</p>
<p>Create a <a href="https://sendpulse.com/register" rel="nofollow ugc">SendPulse account</a> to start sending your web push campaigns.</p>
</li>
</ol>