Filtered by vendor Wpdeveloper
Subscriptions
Filtered by product Notificationx
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36744 | 1 Wpdeveloper | 1 Notificationx | 2024-08-04 | 4.3 Medium |
| The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-0349 | 1 Wpdeveloper | 1 Notificationx | 2024-08-02 | 9.8 Critical |
| The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection | ||||
Page 1 of 1.