CVE-2025-22683
- EPSS 0.05%
- Veröffentlicht 03.02.2025 15:15:18
- Zuletzt bearbeitet 03.02.2025 15:15:18
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX allows Stored XSS. This issue affects NotificationX: from n/a through 2.9.5.
CVE-2024-1698
- EPSS 93.88%
- Veröffentlicht 27.02.2024 06:15:46
- Zuletzt bearbeitet 10.03.2025 16:21:14
The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient...
CVE-2020-36744
- EPSS 0.11%
- Veröffentlicht 01.07.2023 05:15:15
- Zuletzt bearbeitet 21.11.2024 05:30:12
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauth...
CVE-2022-0349
- EPSS 61.49%
- Veröffentlicht 07.03.2022 09:15:09
- Zuletzt bearbeitet 21.11.2024 06:38:26
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection