cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forsimple-notification simple-notification

Direction: ascending
Dec 15, 2024

Simple Notification # CVE-2024-54242

CVE, Research URL

CVE-2024-54242

Home page URL

Security reports for Simple Notification

Application

Simple Notification

Date
Dec 13, 2024
Research Description
Missing Authorization vulnerability in Appsbd Simple Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Notification: from n/a through 1.3.
Affected versions
max 1.3.
Status
vulnerable
Mar 06, 2025

Simple Notification # CVE-2024-13866

CVE, Research URL

CVE-2024-13866

Home page URL

Security reports for Simple Notification

Application

Simple Notification

Date
Mar 05, 2025
Research Description
The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 1.3.
Status
vulnerable