Lucene search
K

83 matches found

WPVulnDB
WPVulnDB
added 2024/02/26 12:0 a.m.37 views

NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor < 2.8.3 - Unauthenticated SQL Injection

Description The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied...

9.8CVSS7.8AI score0.77585EPSS
Exploits3References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/09 12:0 a.m.6 views

The vulnerability of the NotificationX plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the NotificationX plugin in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

10CVSS8.1AI score0.34359EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2023/07/01 5:15 a.m.4 views

CVE-2020-36744

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...

4.3CVSS5.6AI score0.00388EPSS
Exploits0References9
NVD
NVD
added 2023/07/01 5:15 a.m.13 views

CVE-2020-36744

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...

4.3CVSS4.2AI score0.00388EPSS
Exploits0References9
Prion
Prion
added 2023/07/01 5:15 a.m.15 views

Cross site request forgery (csrf)

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...

4.3CVSS4.3AI score0.00388EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/01 4:26 a.m.14 views

CVE-2020-36744 NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...

4.3CVSS5.8AI score0.00388EPSS
Exploits0References9
CVE
CVE
added 2023/07/01 4:26 a.m.32 views

CVE-2020-36744

The CVE-2020-36744 entry concerns the WordPress NotificationX plugin, affected in versions up to 1.8.2. The root cause is missing or incorrect nonce validation in the generate_conversions() function, enabling CSRF where unauthenticated attackers can induce conversions via forged requests if a sit...

4.3CVSS4.2AI score0.00388EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2023/07/01 4:26 a.m.25 views

CVE-2020-36744 NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...

4.3CVSS4.3AI score0.00388EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/07/01 12:0 a.m.3 views

WordPress Plugin NotificationX 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

4.3CVSS5AI score0.00388EPSS
Exploits0References10
CNVD
CNVD
added 2022/03/09 12:0 a.m.17 views

WordPress NotificationX Plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress NotificationX Plugin versions prior to 2.3.9. The...

9.8CVSS9.8AI score0.34359EPSS
Exploits2References1
NVD
NVD
added 2022/03/07 9:15 a.m.23 views

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

9.8CVSS0.34359EPSS
Exploits2References1
OSV
OSV
added 2022/03/07 9:15 a.m.1 views

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

9.8CVSS5.8AI score0.34359EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/07 9:15 a.m.7 views

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

9.8CVSS8.1AI score0.34359EPSS
Exploits2References3
Cvelist
Cvelist
added 2022/03/07 8:16 a.m.33 views

CVE-2022-0349 NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

10AI score0.34359EPSS
Exploits2References1
CVE
CVE
added 2022/03/07 8:16 a.m.237 views

CVE-2022-0349

CVE-2022-0349 affects the WordPress NotificationX plugin prior to version 2.3.9. The vulnerability is an unauthenticated blind SQL injection caused by the plugin not sanitizing/escaping the nx_id parameter before using it in a SQL statement. Exploitation could allow an attacker to read/modify dat...

9.8CVSS9.8AI score0.34359EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.4 views

WordPress plugin NotificationX SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress NotificationX Plugin versions prior to 2.3.9. The...

9.8CVSS6.2AI score0.34359EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/02/28 12:0 a.m.9 views

NotificationX < 2.3.12 - Unauthenticated SQLi

The plugin does not validate and escape the id parameter in its notificationx/v1/notification REST endpoint before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL Injection attacks. PoC The apikey is the md5 of the homeurl either with http or https protocol...

2.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.19 views

WordPress NotificationX plugin <= 2.3.11 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by mikemyers in WordPress NotificationX plugin versions = 2.3.11. Solution Update the WordPress NotificationX plugin to the latest available version at least 2.3.12...

3.7AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.714 views

NotificationX < 2.3.12 - Unauthenticated SQLi

The plugin does not validate and escape the id parameter in its notificationx/v1/notification REST endpoint before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL Injection attacks. The apikey is the md5 of the homeurl either with http or https protocol...

2.4AI score
Exploits0References1
Patchstack
Patchstack
added 2022/02/02 12:0 a.m.36 views

WordPress NotificationX plugin <= 2.3.8 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

Unauthenticated Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress NotificationX plugin versions = 2.3.8. Solution Update the WordPress NotificationX plugin to the latest available version at least 2.3.9...

9.8CVSS3.2AI score0.34359EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder