Vulnerabilities and security researches fornotify-odoo notify-odoo

May 17, 2026

CVE, Research URL: CVE-2026-8425
Home page URL: Security reports for Notify Odoo
Application: Notify Odoo
Date: May 15, 2026
Research Description: The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the _updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to an attacker-controlled URL and modify notification, tracking image, and allowed IP address settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.0.2.
Status: vulnerable

Jan 07, 2025

CVE, Research URL: CVE-2024-56299
Home page URL: Security reports for Notify Odoo
Application: Notify Odoo
Date: Jan 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pektsekye Notify Odoo allows Stored XSS.This issue affects Notify Odoo: from n/a through 1.0.0.
Affected versions: max 1.0.1.
Status: vulnerable