CVE-2024-11012

Name of the Vulnerable Software and Affected Versions Notibar – Notification Bar para WordPress versions up to 2.1.4

Description The issue allows authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes due to the software permitting users to execute an action that does not properly validate a value before running do shortcode(). This is possible through the njt nofi text AJAX action.

Recommendations For versions up to 2.1.4, update to a version higher than 2.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the njt nofi text AJAX action until a patch is available. Restrict access to the do shortcode() function to minimize the risk of exploitation.