cleantalk
Vulnerabilities and Security Researches

WANotifier – Send Message Notifications Using Cloud API, CVE-2024-6165

CVE, Research URL

CVE-2024-6165

Home page URL

Security reports for WANotifier – Send Message Notifications Using Cloud API

Application

WANotifier – Send Message Notifications Using Cloud API

Published on
Jul 31, 2024
Research Description
The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
Min -, max 2.6.1.
Status
vulnerable
Previous vulnerability researches
Event Notifier (CVE-2017-18576) , Jun 10, 2024
Comment Approved Notifier Extended (CVE-2025-30792) , Mar 28, 2025
WANotifier – Send Message Notifications Using Cloud API (CVE-2024-6165) , Aug 02, 2024
WANotifier – Send Message Notifications Using Cloud API (CVE-2025-49976) , Jul 02, 2025
Post Status Notifier Lite (CVE-2023-47766) , Jun 07, 2024
New vulnerability
Off-Canvas Sidebars & Menus (Slidebars) (CVE-2025-49290) , Jul 03, 2025
Accept Stripe Payments Using Contact Form 7 (CVE-2025-53309) , Jul 03, 2025
Opal Estate Pro – Property Management and Submission (CVE-2025-6934) , Jul 03, 2025
TM Replace Howdy (CVE-2025-49972) , Jul 03, 2025
VG WORT METIS (CVE-2025-50039) , Jul 03, 2025