cleantalk
Vulnerabilities and Security Researches

Notibar – Notification Bar for WordPress, CVE-2025-1672

CVE, Research URL

CVE-2025-1672

Home page URL

Security reports for Notibar – Notification Bar for WordPress

Application

Notibar – Notification Bar for WordPress

Published on
Mar 06, 2025
Research Description
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 2.1.6.
Status
vulnerable
Previous vulnerability researches
Notibar – Notification Bar for WordPress (CVE-2024-54269) , Dec 13, 2024
Notibar – Notification Bar for WordPress (CVE-2025-1672) , Mar 07, 2025
Notibar – Notification Bar for WordPress (CVE-2024-11012) , May 07, 2025
New vulnerability
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3502) , May 07, 2025
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3503) , May 07, 2025
Category Widget (CVE-2025-46515) , May 07, 2025
Search Exclude (CVE-2025-2821) , May 07, 2025
IGIT Related Posts With Thumb Image After Posts (CVE-2025-46518) , May 07, 2025