VYPR

Notificationx

by WordPress

Source repositories

CVEs (7)

  • CVE-2024-1698CriFeb 27, 2024
    risk 0.64cvss 9.8epss 0.78

    The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user…

  • CVE-2025-15380HigJan 20, 2026
    risk 0.47cvss 7.2epss 0.00

    The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and…

  • CVE-2026-0554MedJan 20, 2026
    risk 0.28cvss 4.3epss 0.00

    The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with…

  • CVE-2024-11727MedDec 12, 2024
    risk 0.22cvss 4.4epss 0.00

    The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions…

  • CVE-2020-36744MedJul 1, 2023
    risk 0.21cvss 4.3epss 0.00

    The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to…

  • CVE-2022-0349Mar 7, 2022
    risk 0.05cvss epss 0.34

    The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection

  • CVE-2021-39340Nov 1, 2021
    risk 0.00cvss epss 0.01

    The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to…