CVE-2022-0349

CVE-2022-0349: NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection

Vendor Unknown

Product NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor

Weakness CWE-89 · SQLi

Published March 7, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection

Key dates

02Disclosure timeline

March 7, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0349 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2017-20246 KittyCatfish 2.2 Plugin for WordPress SQL Injection CVE-2026-32358 WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection vulnerability CVE-2025-4715 Campcodes Sales and Inventory System view_application.php sql injection CVE-2025-6535 xxyopen/201206030 novel-plus User Management Module UserMapper.xml list sql injection CVE-2022-2771 SourceCodester Simple Online Book Store System bookPerPub.php sql injection