WPDeveloper NotificationX CVE-2026-27042
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1.
AnalysisAI
Unauthorized modification of content is possible in WPDeveloper NotificationX through version 3.2.1 due to improper access control checks that allow unauthenticated attackers to manipulate notification data. This vulnerability affects all installations of the plugin without authentication requirements, enabling attackers to alter or inject malicious content. No security patch is currently available.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects WPDeveloper NotificationX notificationx. Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1.
Affected ProductsAI
Product: WPDeveloper NotificationX notificationx.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today