cleantalk
Vulnerabilities and Security Researches

Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events &, CVE-2025-31548

CVE, Research URL

CVE-2025-31548

Home page URL

Security reports for Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events &

Application

Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events &

Published on
Apr 02, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8.
Affected versions
Min -, max 1.1.8.
Status
vulnerable
Previous vulnerability researches
Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & (CVE-2025-50028) , Jul 19, 2025
Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & (CVE-2025-31561) , Apr 03, 2025
Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & (CVE-2025-31548) , Apr 03, 2025
New vulnerability
DB Backup (CVE-2025-50031) , Jul 19, 2025
Vchasno Kasa (CVE-2025-6720) , Jul 19, 2025
Vchasno Kasa (CVE-2025-6721) , Jul 19, 2025
Media Library Assistant (CVE-2025-7035) , Jul 19, 2025
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025