NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar < 3.2.2 – Missing Authorization | CVE 2026-27042 | Plugin Vulnerabilities

Description

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Fixed in 3.2.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c09318f1-04b2-44e5-a184-c07942ae5778

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

PPzzAArr

Verified

No

WPVDB ID

0d6b65a1-2668-49db-862a-d168987d8368

Timeline

Publicly Published

2026-01-15 (about 5 months ago)

Added

2026-05-04 (about 1 month ago)

Last Updated

2026-05-04 (about 1 month ago)

Other

Published

Title

Published

2024-03-28

Title

Finale Lite < 2.18.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation

Published

2026-02-19

Title

GLB < 1.2.3 - Missing Authorization

Published

2022-05-23

Title

Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls

Published

2025-01-07

Title

Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch

Published

2022-02-02

Title

Wordpress Download Manager < 3.2.35 - Sensitive Information Disclosure