Vulnerabilities

CVE-2025-15380 - NotificationX <= 3.2.0 - unauthenticated dom-based cross-site scripting via 'nx-...

2026-01-20 0 views admin

CVE ID : CVE-2025-15380 Published : Jan. 20, 2026, 2:26 p.m. | 23 minutes ago Description : The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. This is due to insufficient input sanitization and output escaping when processing preview data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute when a user visits a malicious page that auto-submits a form to the vulnerable site. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15380

Published

Jan. 20, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15380wordpress

CVE-2025-15380 - NotificationX <= 3.2.0 - unauthenticated dom-based cross-site scripting via 'nx-...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-12781 - base64.b64decode() always accepts

CVE-2025-68137 - EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stac...

CVE-2025-68136 - EVerest's inadequate session handling can lead to memory-related errors or exhau...

CVE-2025-13465 - Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3