cleantalk
Vulnerabilities and Security Researches

Notibar – Notification Bar for WordPress, CVE-2024-11012

CVE, Research URL

CVE-2024-11012

Home page URL

Security reports for Notibar – Notification Bar for WordPress

Application

Notibar – Notification Bar for WordPress

Published on
Dec 13, 2024
Research Description
The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
Affected versions
Min -, max 2.1.5.
Status
vulnerable
Previous vulnerability researches
External image replace (CVE-2025-30535) , Mar 26, 2025
External image replace (CVE-2025-4279) , May 06, 2025
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2024-45293) , May 07, 2025
Newsletter – Send awesome emails from WordPress (CVE-2025-3583) , May 07, 2025
Insert PHP Code Snippet (CVE-2024-43275) , May 07, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2024-38785) , May 07, 2025
Section Widget (CVE-2025-46537) , May 07, 2025