CVE-2024-6159 in Push Notification for Post and BuddyPress Plugininformação

Sumário

de MITRE • 16/05/2025

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservar

19/06/2024

Divulgação

16/05/2025

Moderação

aceite

Entrada

VDB-301226

CPE

pronto

EPSS

0.02491

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!