Onesignal Onesignal – Web Push Notifications
2 CVEs affecting Onesignal Onesignal – Web Push Notifications. Latest disclosed: 2026-04-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-13950 | Medium | 5.3 | 2025-12-15 | The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setting… |
CVE-2026-3155 | Low | 3.1 | 2026-04-16 | The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the p… |