CVE-2025-32546

Name of the Vulnerable Software and Affected Versions All push notification for WP versions 1.5.3 and earlier

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Reflected XSS. This means an attacker could potentially trick a user into performing unintended actions on the web application, and also inject malicious code into the user's browser.

Recommendations For versions 1.5.3 and earlier, update to a version that contains a fix for this issue, if available. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation. Restrict access to sensitive features that may be vulnerable to Reflected XSS attacks until the issue is resolved.