CVE-2026-27042

CVE-2026-27042 affects the WordPress NotificationX plugin (versions <= 3.2.1). The issue is described as a Missing Authorization vulnerability due to incorrectly configured access control in NotificationX, enabling a broken/unauthorized access scenario. Public sources in the connected document...

WordPress plugin NotificationX 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-15380

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

CVE-2026-0554

The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2026-0554

The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2026-0554

The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-15380 NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

CVE-2025-15380 NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

PT-2026-3573

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

WordPress plugin NotificationX has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-3575

Name of the Vulnerable Software and Affected Versions NotificationX plugin for WordPress versions through 3.1.11 Description The NotificationX plugin for WordPress has a flaw that allows unauthorized modification of data. A missing capability check on the ''regenerate'' and ''reset'' REST API...

WordPress NotificationX plugin <= 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin NotificationX versions = 3.2.1...

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

EUVD-2024-34173

Malicious code in bioql PyPI...

CVE-2024-11727

The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions up to, and including,...

CVE-2020-36744

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...

CVE-2024-1698

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and la...

CVE-2025-22683

CVE-2025-22683 describes a Stored XSS vulnerability in the WordPress NotificationX plugin (WPDeveloper) version(s) up to 2.9.5, caused by improper input neutralization during web page generation. The issue affects NotificationX from an unspecified earliest version through 2.9.5 and could impact s...

CVE-2025-22683 WordPress NotificationX plugin <= 2.9.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper NotificationX notificationx allows Stored XSS.This issue affects NotificationX: from n/a through = 2.9.5...

WordPress plugin NotificationX 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...