WPDeveloper NotificationX vulnerabilities
5 known vulnerabilities affecting wpdeveloper/notificationx.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 2, MEDIUM 3
Vulnerabilities
CVE-2024-1698 | P1 | CRITICAL | CVSS 9.8 | CWE-89 | Exploited | PoC | fixed in 2.8.3 | 2024-02-27
The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
nvd
CVE-2022-0349 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | fixed in 2.3.9 | 2022-03-07
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection.
nvd
CVE-2026-27042 | P4 | MEDIUM | CVSS 5.3 | CWE-862 | ≤ 3.2.1 | 2026-02-19
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NotificationX: from n/a through <= 3.2.1.
nvd
CVE-2025-22683 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.0.0 | ≤ 2.9.5 | 2025-02-03
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX notificationx allows Stored XSS. This issue affects NotificationX: from n/a through <= 2.9.5.
nvd
CVE-2020-36744 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | ≤ 1.8.2 | 2023-07-01
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site admini
nvd