Vulnerabilities and security researches fornotifier notifier
Direction: ascendingAug 02, 2024
WANotifier – Send Message Notifications Using Cloud API # CVE-2024-6165
- CVE, Research URL
- Date
- Jul 31, 2024
- Research Description
- The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
- Affected versions
-
max 2.6.1.
- Status
-
vulnerable
Jul 02, 2025
WANotifier – Send Message Notifications Using Cloud API # CVE-2025-49976
- CVE, Research URL
- Date
- Jun 20, 2025
- Research Description
- Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.12.
- Affected versions
-
max 2.7.13.
- Status
-
vulnerable
Jan 28, 2026
WANotifier – Send Message Notifications Using Cloud API # CVE-2025-68020
- CVE, Research URL
- Date
- Jan 22, 2026
- Research Description
- Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.13.
- Affected versions
-
max 3.0.0.
- Status
-
vulnerable
Jul 08, 2026
WANotifier – Send Message Notifications Using Cloud API # CVE-2024-6228
- CVE, Research URL
- Date
- Jul 06, 2026
- Research Description
- The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on the server.
- Affected versions
-
max 2.6.
- Status
-
vulnerable