CVE-2022-0349

CVE-2022-0349 affects the WordPress NotificationX plugin prior to version 2.3.9. The vulnerability is an unauthenticated blind SQL injection caused by the plugin not sanitizing/escaping the nx_id parameter before using it in a SQL statement. Exploitation could allow an attacker to read/modify dat...

CVE-2024-1698

Summary of CVE-2024-1698 (NotificationX WordPress plugin) : The affected software is the NotificationX plugin for WordPress (versions up to and including 2.8.2). The underlying issue is an SQL Injection vulnerability in the Analytics/REST pathway caused by insufficient escaping of the user-suppli...

CVE-2025-22683

CVE-2025-22683 describes a Stored XSS vulnerability in the WordPress NotificationX plugin (WPDeveloper) version(s) up to 2.9.5, caused by improper input neutralization during web page generation. The issue affects NotificationX from an unspecified earliest version through 2.9.5 and could impact s...

CVE-2020-36744

The CVE-2020-36744 entry concerns the WordPress NotificationX plugin, affected in versions up to 1.8.2. The root cause is missing or incorrect nonce validation in the generate_conversions() function, enabling CSRF where unauthenticated attackers can induce conversions via forged requests if a sit...