CVE ID :CVE-2026-3155 Published : April 16, 2026, 12:16 p.m. | 36 minutes ago Description :The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete OneSignal metadata for arbitrary posts. Severity: 3.1 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...