Filtered by vendor Wpdeveloper Subscriptions
Filtered by product Notificationx Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-22683 1 Wpdeveloper 1 Notificationx 2025-02-03 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX allows Stored XSS. This issue affects NotificationX: from n/a through 2.9.5.
CVE-2022-0349 1 Wpdeveloper 1 Notificationx 2024-11-21 9.8 Critical
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
CVE-2020-36744 1 Wpdeveloper 1 Notificationx 2024-11-21 4.3 Medium
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.