CVE-2026-0816

Name of the Vulnerable Software and Affected Versions All push notification for WP versions up to and including 1.5.3

Description The All push notification for WP plugin for WordPress is susceptible to time-based SQL Injection via the delete id parameter. This is due to inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query. Successful exploitation allows authenticated attackers with administrator-level access or higher to inject additional SQL queries into existing queries, potentially enabling the extraction of sensitive information from the database.

Recommendations Versions prior to and including 1.5.3 should be updated to a newer, fixed version when available.