cleantalk
Vulnerabilities and Security Researches

OneSignal – Web Push Notifications, CVE-2019-15827

CVE, Research URL

CVE-2019-15827

Home page URL

Security reports for OneSignal – Web Push Notifications

Application

OneSignal – Web Push Notifications

Published on
Aug 30, 2019
Research Description
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.
Affected versions
max 1.17.8.
Status
vulnerable
Previous vulnerability researches
OneSignal – Web Push Notifications , Dec 03, 2024
OneSignal – Web Push Notifications (CVE-2026-3155) , Apr 17, 2026
OneSignal – Web Push Notifications (CVE-2025-13950) , Jan 10, 2026
OneSignal – Web Push Notifications (CVE-2019-15827) , Jun 06, 2024
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026