cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1698,https://securityvulnerability.io/vulnerability/CVE-2024-1698,SQL Injection Vulnerability in NotificationX Plugin Affects Sensitive Data,"The NotificationX Plugin for WordPress, which focuses on enhancing user experience through sales popups and notifications, is vulnerable to SQL Injection attacks. This vulnerability exists through the 'type' parameter due to inadequate escaping of user-supplied input and insufficient preparation of the corresponding SQL query. Attackers without authentication can exploit this flaw to insert malicious SQL queries, allowing them to extract sensitive information from the plugin's database. This poses significant risks to data integrity and user privacy, necessitating immediate attention and remediation by users of the affected versions.",Wordpress,"Notificationx – Best Fomo, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor",9.8,CRITICAL,0.0009200000204145908,false,,false,false,true,true,false,false,2024-02-27T05:33:12.316Z,0
CVE-2020-36744,https://securityvulnerability.io/vulnerability/CVE-2020-36744,Cross-Site Request Forgery in NotificationX Plugin for WordPress,"The NotificationX plugin for WordPress is susceptible to Cross-Site Request Forgery attacks in versions up to and including 1.8.2. This vulnerability arises from insufficient nonce validation in the generate_conversions() function. Attackers can exploit this flaw by tricking a site administrator into unintentionally triggering an action, such as clicking a malicious link, leading to unauthorized conversion generation.",Wordpress,"Notificationx – Best Fomo, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor",4.3,MEDIUM,0.0018700000364333391,false,,false,false,false,,false,false,2023-07-01T04:26:51.230Z,0
CVE-2022-0349,https://securityvulnerability.io/vulnerability/CVE-2022-0349,NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection,"The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection",Wordpress,"Notificationx – Best Fomo, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor",9.8,CRITICAL,0.0386199988424778,false,,false,false,false,,false,false,2022-03-07T08:16:27.000Z,0