| CVE-2026-3155 | OneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' | onesignal | OneSignal – Web Push Notifications | Low | 3.1 | 2026-04-16 11:21:22 | Deep Dive |
| CVE-2026-32373 | WordPress SMS Alert Order Notifications plugin <= 3.9.0 - Broken Access Control vulnerability | Cozy Vision | SMS Alert Order Notifications | 中危 | - | 2026-03-13 11:42:07 | Deep Dive |
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 6.5 | 2026-03-04 01:22:00 | Deep Dive |
| CVE-2026-2410 | Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update | themeisle | Disable Admin Notices – Hide Dashboard Notifications | Medium | 4.3 | 2026-02-25 09:26:51 | Deep Dive |
| CVE-2025-15318 | Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. | Tanium | End-User Notifications Endpoint Tools | Medium | 5.5 | 2026-02-09 22:56:27 | Deep Dive |
| CVE-2025-13950 | OneSignal – Web Push Notifications <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings Update | onesignal | OneSignal – Web Push Notifications | Medium | 5.3 | 2025-12-15 14:25:13 | Deep Dive |
| CVE-2025-62869 | WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability | Gravitec.net - Web Push Notifications | Gravitec.net – Web Push Notifications | - | - | 2025-12-09 14:52:24 | Deep Dive |
| CVE-2025-66086 | WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability | Cozy Vision | SMS Alert Order Notifications | Medium | 5.3 | 2025-11-21 12:29:58 | Deep Dive |
| CVE-2025-62915 | WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability | clicksend | SMS Contact Form 7 Notifications by ClickSend | Medium | 4.3 | 2025-10-27 01:33:55 | Deep Dive |
| CVE-2025-49915 | WordPress SMS Alert Order Notifications plugin <= 3.8.5 - SQL Injection vulnerability | Cozy Vision | SMS Alert Order Notifications | Critical | 9.3 | 2025-10-22 14:32:12 | Deep Dive |
| CVE-2025-12033 | Simple Banner <= 3.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting | rpetersen29 | Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website | Medium | 4.4 | 2025-10-22 06:40:59 | Deep Dive |
| CVE-2025-58658 | WordPress Proof Factor – Social Proof Notifications Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability | Proof Factor LLC | Proof Factor – Social Proof Notifications | Medium | 5.9 | 2025-09-22 18:23:04 | Deep Dive |
| CVE-2025-9219 | Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 4.3 | 2025-09-03 08:27:23 | Deep Dive |
| CVE-2025-50028 | WordPress Ultimate Push Notifications plugin <= 1.2.0 - Broken Access Control Vulnerability | CodeSolz | Ultimate Push Notifications | Medium | 6.5 | 2025-07-16 11:27:57 | Deep Dive |
| CVE-2025-30978 | WordPress Slack Notifications by dorzki plugin <= 2.0.7 - Broken Access Control Vulnerability | Dor Zuberi | Slack Notifications by dorzki | Medium | 4.3 | 2025-06-06 12:54:06 | Deep Dive |
| CVE-2025-31056 | WordPress WhatsCart plugin <= 1.1.0 - SQL Injection vulnerability | Techspawn | WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce | Critical | 9.3 | 2025-05-23 12:44:09 | Deep Dive |
| CVE-2025-47682 | WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.8.1 - SQL Injection Vulnerability | Cozy Vision | SMS Alert Order Notifications | - | - | 2025-05-12 18:19:44 | Deep Dive |
| CVE-2025-3876 | SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | High | 8.8 | 2025-05-10 11:22:46 | Deep Dive |
| CVE-2025-3878 | SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | Medium | 6.4 | 2025-05-10 11:22:46 | Deep Dive |
| CVE-2023-7303 | q2apro q2apro-on-site-notifications q2apro-onsitenotifications-page.php process_request cross site scripting | q2apro | q2apro-on-site-notifications | Low | 3.5 | 2025-05-07 22:00:07 | Deep Dive |