CVE-2023-0644

Name of the Vulnerable Software and Affected Versions Push Notifications for WordPress by PushAssist WordPress plugin versions 3.0.8 and earlier

Description The issue is related to Reflected Cross-Site Scripting, which occurs because the plugin does not properly sanitise and escape various parameters before outputting them back in pages. This could be used against high privilege users such as admin.

Recommendations For versions 3.0.8 and earlier, update to a version later than 3.0.8 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.