NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor, CVE-2020-36744

CVE, Research URL: CVE-2020-36744
Home page URL: Security reports for NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
Application: NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
Published on: Jul 01, 2023
Research Description: The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.3.12.
Status: vulnerable

NotificationX &#8211; Best FOMO, Social Proof, WooCommerce Sales Popup &amp; Notification Bar Plugin With Elementor, CVE-2020-36744