80 matches found
Exploit for SQL Injection in Wpdeveloper Notificationx
CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection...
NotificationX Dropshipping < 4.4 - SQL Injection
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection id: CVE-2022-3481 info: name: NotificationX Dropshipping 4.4 - SQL Injection author: ritikchaddha severity: critical...
WordPress NotificationX <2.3.9 - SQL Injection
WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nxid parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify dat...
NotificationX <= 2.8.2 - SQL Injection
The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and la...
CVE-2026-27042
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through = 3.2.1...
CVE-2026-27042
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through = 3.2.1...
CVE-2026-27042
CVE-2026-27042 affects the WordPress NotificationX plugin (versions <= 3.2.1). The issue is described as a Missing Authorization vulnerability due to incorrectly configured access control in NotificationX, enabling a broken/unauthorized access scenario. Public sources in the connected document...
CVE-2026-27042
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through = 3.2.1...
CVE-2026-27042 WordPress NotificationX plugin <= 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through = 3.2.1...
CVE-2026-27042 WordPress NotificationX plugin <= 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through = 3.2.1...
PT-2026-20758
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through = 3.2.1...
WordPress plugin NotificationX 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-15380
The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...
CVE-2026-0554
The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...
WordPress NotificationX plugin <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' vulnerability
Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin NotificationX versions = 3.2.0...
WordPress NotificationX plugin <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset vulnerability
Missing Authorization to Authenticated Contributor+ Analytics Reset vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin NotificationX versions = 3.1.11...
CVE-2026-0554
The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-0554 NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset
The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-0554
CVE-2026-0554 pertains to the NotificationX WordPress plugin (versions up to 3.1.11) and describes a missing capability check on the REST endpoints /wp-json/notificationx/v1/campaigns/{campaign_id}/regenerate and /wp-json/notificationx/v1/campaigns/{campaign_id}/reset. This allows authenticated u...
CVE-2026-0554 NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset
The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...