Vulnerabilities and security researches forintelly-welcome-bar intelly-welcome-bar

Jun 07, 2024

CVE, Research URL: 025c066ec20d42c962d84a2719b5efd5b87af0cf
Home page URL: Security reports for Welcome Bar
Application: Welcome Bar
Date: Mar 31, 2023
Research Description: Welcome Bar [intelly-welcome-bar] < 2.0.4 Welcome Bar <= 2.0.3 - Cross-Site Request Forgery The Welcome Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on the iwb_do_action function. This makes it possible for unauthenticated attackers to invoke this AJAX action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32129
Home page URL: Security reports for Welcome Bar
Application: Welcome Bar
Date: Apr 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Welcome Bar allows Stored XSS. This issue affects Welcome Bar: from n/a through 2.0.4.
Affected versions: Min -, max -.
Status: vulnerable