WordPress
Multiple Products
The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin...
2026-01-21
Description
The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3
Remediation
Update the WordPress plugin/theme to the latest version. Review WordPress security settings, and remove the plugin/theme if it is no longer needed.
---METADATA---
VENDOR: Open5GS
PRODUCT: Open5GS
AFFECTED_VERSIONS: Versions up to and including 2.x
---END_METADATA---
Description Summary:
Open5GS, an open-source implementation for 5G Core and EPC, is affected by a security flaw in versions up to 2. This vulnerability may impact mobile core network stability.
Executive Summary:
Open5GS versions up to 2.x are affected by a high-severity security flaw that could jeopardize the availability and integrity of 5G core network functions.
Vulnerability Details
CVE-ID: CVE-2025-15555
Affected Software: Open5GS
Affected Versions: Versions up to and including 2.x
Vulnerability: The vulnerability exists within the core processing logic of Open5GS. While specific technical details are limited, it involves a flaw that can be triggered by a network-based attacker, potentially without prior authentication depending on the specific network function targeted.
Business Impact
As Open5GS is utilized in private 5G deployments and research environments, an exploit could lead to a total denial of service for mobile communications. The CVSS score of 7.3 reflects a high impact on availability, which can cause significant operational downtime and disrupt critical communication infrastructure.
Remediation Plan
Immediate Action: Administrators should upgrade Open5GS to the latest stable version (3.x or higher) where this flaw has been addressed.
Proactive Monitoring: Implement deep packet inspection (DPI) on S1AP and NGAP interfaces to detect malformed signaling traffic targeting the core.
Compensating Controls: Restrict access to the Open5GS control plane interfaces to trusted management networks only using IPsec or strict firewalling.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. The complexity of 5G signaling may delay exploit development, but the critical nature of the software demands immediate patching.
Analyst Recommendation
Given the role of Open5GS in critical telecommunications infrastructure, this high-severity flaw must be addressed with urgency. Organizations should prioritize the migration to a patched version to ensure the continued reliability of their mobile network cores.