PT-2026-3573 · Unknown+1 · Woocommerce+1

Dmitry Ignatyev · Published 2026-01-20 · Updated 2026-01-20 · CVE-2025-15380

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress versions through 3.2.0

Description

The NotificationX plugin for WordPress is susceptible to a DOM-Based Cross-Site Scripting issue. This occurs because of inadequate input sanitization and output escaping when handling preview data. An unauthenticated attacker can inject arbitrary web scripts into pages by exploiting the nx-preview POST parameter. This allows for script execution when a user visits a malicious page that automatically submits a form to the vulnerable site.

Recommendations

Update the NotificationX plugin to a version newer than 3.2.0.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-15380

Affected Products

Notificationx
Woocommerce