All push notification for WP - Reflected cross-site scripting (XSS)
Summary
Name | All push notification for WP 1.5.3 - Reflected cross-site scripting (XSS) |
Code name | skims-0039 |
Product | All push notification for WP |
Affected versions | Version 1.5.3 |
State | Private |
Release date | 2025-03-14 |
Vulnerability
Kind | Reflected cross-site scripting (XSS) |
Rule | Reflected cross-site scripting (XSS) |
Remote | No |
CVSSv4 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U |
CVSSv4 Base Score | 4.8 (Medium) |
Exploit available | No |
CVE ID(s) | CVE-2025-31311 |
Description
All push notification for WP 1.5.3 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/pushnotification-admin/class-pushnotification-admin.php.
Vulnerability
Skims by Fluid Attacks discovered a reflected cross-site scripting (XSS) vulnerability in All push notification for WP 1.5.3. The following is the output of the tool:
Skims output
128 | function all_pushnotifications_wp_html(){
129 | //Create an instance of our package class...
130 | $push_notifications_Table = new Push_Notification_List_Table();
131 | //Fetch, prepare, sort, and filter our data...
132 | $push_notifications_Table->prepare_items();
133 | ?>
134 | <div class="wrap">
135 |
136 | <h2><?php _e('Push Notifications Data')?></h2>
137 | <p><?php if(isset($_GET['notifications'])=='send') { echo _e('Notifications Sent.');}?> </p>
138 | <!-- Forms are NOT created automatically, so you need to wrap the table in one to use features like bulk actions -->
139 | <form id="all_pushnotification_list_table" action="" method="get">
140 | <!-- For plugins, we also need to ensure that the form posts back to our current page -->
> 141 | <input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
142 | <!-- Now we can render the completed list table -->
143 | <?php $push_notifications_Table->display(); ?>
144 | </form>
145 | </div>
146 | <?php
147 | }
^ Col 0
Our security policy
We have reserved the ID CVE-2025-31311 to refer to this issue from now on.
System Information
- Product: All push notification for WP
- Version: 1.5.3
Mitigation
There is currently no patch available for this vulnerability.
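Until a vendor fix exists, the flagged line 141 can be hardened locally by constraining and escaping the reflected `page` value before it is written into the attribute. The following is an added example, not code from the plugin or its vendor: the function names and sample values are hypothetical, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the file runs outside WordPress.

```php
<?php
// Added example, not the plugin's code. Function names below are hypothetical.

// Stand-in for WordPress's esc_attr() so this file runs without WordPress loaded.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Behaviour of flagged line 141: the request value reaches the attribute verbatim.
function render_page_field_vulnerable(array $request): string {
    $page = $request['page'] ?? '';
    return '<input type="hidden" name="page" value="' . $page . '" />';
}

// Hardened form: reject non-strings, allow-list slug characters, escape on output.
function render_page_field_hardened(array $request): string {
    $page = $request['page'] ?? '';
    if (!is_string($page)) {            // ?page[]=x arrives as an array
        $page = '';
    }
    // Same allow-list WordPress's sanitize_key() applies: lowercase a-z, 0-9, _ and -.
    $page = preg_replace('/[^a-z0-9_\-]/', '', strtolower($page));
    return '<input type="hidden" name="page" value="' . esc_attr($page) . '" />';
}

// Constructed request values; the slug is a placeholder, not the plugin's real one.
$samples = [
    ['page' => 'example-plugin-page'],
    ['page' => 'x" data-injected="1'],   // tries to close the value attribute
    ['page' => ['nested']],
];

foreach ($samples as $request) {
    if (is_string($request['page'])) {
        echo 'vulnerable: ', render_page_field_vulnerable($request), PHP_EOL;
    }
    echo 'hardened:   ', render_page_field_hardened($request), PHP_EOL, PHP_EOL;
}
```

Inside the plugin the equivalent change is confined to line 141: pass `$_REQUEST['page']` through `sanitize_key()` and `esc_attr()` before echoing it.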
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team using Skims.
Timeline

2025-03-14
Vulnerability discovered.

2025-03-14
Vendor contacted.