CVE-2024-11012: CWE-94 Improper Control of Generation of Code ('Code Injection') in ninjateam Notibar – Notification Bar for WordPress
Description
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
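A hardened handler pattern for the flaw described above, as an added example that is not the plugin's own code or its actual fix. Only the njt_nofi_text action name and do_shortcode come from the advisory; the function name, the POST field names, the nonce action, the required capability and the allowlisted shortcode tag are assumptions for illustration.

```php
<?php
// Added illustration; not code from the Notibar plugin.
// Assumed names: example_nofi_text_handler(), the 'text' and 'nonce' POST
// fields, the 'example_nofi_nonce' nonce action, the allowlisted tag.

// Shortcode tags this endpoint may render (assumption for the example).
const EXAMPLE_ALLOWED_SHORTCODES = array( 'example_countdown' );

// Registered for logged-in users only; no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_njt_nofi_text', 'example_nofi_text_handler' );

function example_nofi_text_handler() {
    // 1. CSRF: check_ajax_referer() terminates the request on a bad nonce.
    check_ajax_referer( 'example_nofi_nonce', 'nonce' );

    // 2. Authorization: being logged in is not enough, so a Subscriber
    //    is stopped here before any shortcode processing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Validation: unslash the value and strip disallowed HTML.
    $text = isset( $_POST['text'] )
        ? wp_kses_post( wp_unslash( $_POST['text'] ) )
        : '';

    // 4. Limit do_shortcode() to the allowlist by narrowing the global
    //    registry for this call; nested shortcodes are covered too,
    //    and any other tag stays in the output as inert text.
    global $shortcode_tags;
    $saved = $shortcode_tags;
    try {
        $shortcode_tags = array_intersect_key(
            $saved,
            array_flip( EXAMPLE_ALLOWED_SHORTCODES )
        );
        $html = do_shortcode( $text );
    } finally {
        $shortcode_tags = $saved; // always restore the full registry
    }

    wp_send_json_success( array( 'html' => $html ) );
}
```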
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-11-08T01:08:18.637Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6e04b7ef31ef0b593ab5
Added to database: 2/25/2026, 9:47:48 PM
Last updated: 2/25/2026, 9:48:02 PM