CVE-2025-9895

Name of the Vulnerable Software and Affected Versions Notification Bar plugin for WordPress versions prior to 2.3

Description The Notification Bar plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by insufficient or incorrect nonce validation within the subscriber-list-empty.php file. An unauthenticated attacker could potentially empty the subscriber list by forging a request, provided they can deceive a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update the Notification Bar plugin to version 2.3 or later.