2026-01-20 14:26:34
Wordfence
PUBLISHED
The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the regenerate and reset REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset analytics for any NotificationX campaign, regardless of ownership.