Vulnerability Details: CSRF/XSS in Push Notifications for WordPress (Lite)
The JVN credits “Ten Katouno of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University” with finding a cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite). In looking over the changes made to fix this, we found that the vulnerability could have led to cross-site scripting (XSS).
…