CVE-2026-0554
📋 TL;DR
The NotificationX WordPress plugin has a missing capability check vulnerability in REST API endpoints that allows authenticated users with Contributor-level access or higher to reset analytics for any campaign, regardless of ownership. This affects all versions up to and including 3.1.11. The vulnerability enables unauthorized data modification within WordPress sites using this plugin.
💻 Affected Systems
- NotificationX WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious authenticated users could systematically reset analytics for all campaigns, disrupting business intelligence and reporting capabilities, potentially combined with other vulnerabilities for broader impact.
Likely Case
Contributor-level users resetting analytics for campaigns they don't own, causing data loss and inaccurate reporting for site administrators.
If Mitigated
Limited to authenticated users with at least Contributor access, with impact confined to analytics data reset rather than content modification or privilege escalation.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward via REST API calls to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.12 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find NotificationX and click 'Update Now' if available.
4. Alternatively, download version 3.1.12+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Restrict User Roles
Temporarily limit Contributor and Author role access, or remove unnecessary users, until the patch is applied.
Disable REST API Endpoints
Use WordPress filters to block access to the vulnerable NotificationX REST endpoints.
Add to theme's functions.php or custom plugin:
// Remove the affected NotificationX routes from the REST API route table.
// The rest_endpoints filter receives the full route map keyed by route path;
// unsetting a key makes WordPress answer 404 for that route.
add_filter('rest_endpoints', function ($endpoints) {
    $blocked = array(
        '/notificationx/v1/regenerate',
        '/notificationx/v1/reset',
    );
    foreach ($blocked as $route) {
        if (isset($endpoints[$route])) {
            unset($endpoints[$route]);
        }
    }
    return $endpoints;
});
🧯 If You Can't Patch
- Disable NotificationX plugin entirely if not critical
- Implement strict user role management and audit Contributor-level users
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → NotificationX → Version. If the version is 3.1.11 or lower, the site is vulnerable.
Check Version:
wp plugin list --name=notificationx --field=version (if WP-CLI installed)
Verify Fix Applied:
Confirm NotificationX version is 3.1.12 or higher in WordPress admin plugins page.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-json/notificationx/v1/regenerate or /wp-json/notificationx/v1/reset endpoints from non-admin users
- Multiple analytics reset events in short timeframes
Network Indicators:
- REST API calls to NotificationX endpoints from unauthorized user roles
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-json/notificationx/v1/regenerate" OR uri_path="/wp-json/notificationx/v1/reset") AND user_role!="administrator"
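The two log indicators above (non-admin POSTs to the reset/regenerate routes, and bursts of resets in a short window) as an added, runnable detection example; this is not code from the page or the plugin vendor, and the log line format and the user/role values are constructed for illustration:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (not real traffic). Format assumed:
# <ISO timestamp> user=<login> role=<wp role> <METHOD> <path>
SAMPLE_LOG = """\
2026-01-10T10:00:01Z user=alice role=administrator POST /wp-json/notificationx/v1/reset
2026-01-10T10:01:15Z user=bob role=contributor POST /wp-json/notificationx/v1/reset
2026-01-10T10:01:20Z user=bob role=contributor POST /wp-json/notificationx/v1/reset
2026-01-10T10:01:25Z user=bob role=contributor POST /wp-json/notificationx/v1/regenerate
2026-01-10T10:05:00Z user=carol role=author GET /wp-json/notificationx/v1/analytics
2026-01-10T11:30:00Z user=dave role=author POST /wp-json/notificationx/v1/regenerate
"""

# Routes named in the advisory's detection section.
WATCHED_PATHS = {
    "/wp-json/notificationx/v1/regenerate",
    "/wp-json/notificationx/v1/reset",
}
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) (?P<method>[A-Z]+) (?P<path>\S+)$"
)

def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev

def find_suspicious(log_text, window=timedelta(minutes=5), burst_threshold=3):
    """Return (non_admin_hits, bursts).

    non_admin_hits: (user, role, path) for every POST to a watched route by a
                    user whose role is not administrator (the SIEM query above).
    bursts: users with >= burst_threshold watched POSTs inside any `window`.
    """
    non_admin_hits, per_user = [], defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["method"] != "POST" or ev["path"] not in WATCHED_PATHS:
            continue
        per_user[ev["user"]].append(ev["ts"])
        if ev["role"] != "administrator":
            non_admin_hits.append((ev["user"], ev["role"], ev["path"]))
    bursts = []
    for user, times in per_user.items():
        times.sort()
        for i, start in enumerate(times):  # sliding window over sorted timestamps
            if sum(1 for t in times[i:] if t - start <= window) >= burst_threshold:
                bursts.append(user)
                break
    return non_admin_hits, bursts
```

On the sample log this flags bob (three resets in ten seconds as a contributor) and dave's single author-role regenerate, while ignoring alice's administrator reset and carol's GET.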
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3433555%40notificationx&old=3426659%40notificationx&sfp_email=&sfph_mail=
- https://research.cleantalk.org/cve-2026-0554
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e3cd843b-ab38-45c4-a661-78d4e6db5201?source=cve