83 matches found
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor < 2.8.3 - Unauthenticated SQL Injection
Description The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied...
The vulnerability of the NotificationX plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the NotificationX plugin in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2020-36744
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...
CVE-2020-36744
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...
Cross site request forgery (csrf)
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...
CVE-2020-36744 NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...
CVE-2020-36744
The CVE-2020-36744 entry concerns the WordPress NotificationX plugin, affected in versions up to 1.8.2. The root cause is missing or incorrect nonce validation in the generate_conversions() function, enabling CSRF where unauthenticated attackers can induce conversions via forged requests if a sit...
CVE-2020-36744 NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...
WordPress Plugin NotificationX 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress NotificationX Plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress NotificationX Plugin versions prior to 2.3.9. The...
CVE-2022-0349
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...
CVE-2022-0349
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...
CVE-2022-0349
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...
CVE-2022-0349 NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...
CVE-2022-0349
CVE-2022-0349 affects the WordPress NotificationX plugin prior to version 2.3.9. The vulnerability is an unauthenticated blind SQL injection caused by the plugin not sanitizing/escaping the nx_id parameter before using it in a SQL statement. Exploitation could allow an attacker to read/modify dat...
WordPress plugin NotificationX SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress NotificationX Plugin versions prior to 2.3.9. The...
NotificationX < 2.3.12 - Unauthenticated SQLi
The plugin does not validate and escape the id parameter in its notificationx/v1/notification REST endpoint before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL Injection attacks. PoC The apikey is the md5 of the homeurl either with http or https protocol...
WordPress NotificationX plugin <= 2.3.11 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by mikemyers in WordPress NotificationX plugin versions = 2.3.11. Solution Update the WordPress NotificationX plugin to the latest available version at least 2.3.12...
NotificationX < 2.3.12 - Unauthenticated SQLi
The plugin does not validate and escape the id parameter in its notificationx/v1/notification REST endpoint before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL Injection attacks. The apikey is the md5 of the homeurl either with http or https protocol...
WordPress NotificationX plugin <= 2.3.8 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress NotificationX plugin versions = 2.3.8. Solution Update the WordPress NotificationX plugin to the latest available version at least 2.3.9...