WordPress Announcement & Notification Banner – Bulletin plugin <= 3.12.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WordPress Announcement & Notification Banner Plugin – Bulletin versions = 3.12.1...

EUVD-2023-33592

Malicious code in bioql PyPI...

EUVD-2024-28398

Malicious code in bioql PyPI...

CVE-2024-30478

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin – Bulletin: from n/a through 3.8.5...

WordPress Bulletin Announcements plugin <= 3.11.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin WordPress Announcement & Notification Banner Plugin – Bulletin versions = 3.11.7...

CVE-2024-10682

CVE-2024-10682: WordPress Bulletin Announcements plugin is vulnerable to Reflected XSS via add_query_arg/remove_query_arg without proper escaping in all versions up to 3.11.7. Exploitation requires user interaction (tricking a user into clicking a link) and is possible for unauthenticated attacke...

CVE-2024-10682 Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it possible for unauthenticated...

CVE-2024-10682 Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it possible for unauthenticated...

WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.11.7 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Announcement & Notification Banner Plugin – Bulletin Type Plugin Vulnerable versions = 3.11.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10682 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownersh...

WordPress Announcement & Notification Banner Plugin – Bulletin < 3.9.0 - Authenticated (Administrator+) SQL Injection

Description The WordPress Announcement & Notification Banner Plugin – Bulletin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2024-30478

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin – Bulletin: from n/a through 3.8.5...

PT-2024-23403 · WordPress · Wordpress Announcement & Notification Banner Plugin – Bulletin

Name of the Vulnerable Software and Affected Versions: WordPress Announcement & Notification Banner Plugin – Bulletin versions 3.8.5 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allo...

CVE-2023-2067

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...

CVE-2023-2067

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...

CVE-2023-2066

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...

CVE-2023-2066

CVE-2023-2066 affects the Announcement & Notification Banner – Bulletin WordPress plugin up to version 3.6.0. Root cause: missing capability/authorization checks in functions bulletinwp_update_bulletin_status, bulletinwp_update_bulletin, bulletinwp_update_settings, bulletinwp_update_status, bulle...

CVE-2023-2067 Announcement & Notification Banner – Bulletin <= 3.7.0 - Cross-Site Request Forgery

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...

PT-2023-17529 · WordPress · The Announcement & Notification Banner – Bulletin

Name of the Vulnerable Software and Affected Versions: The Announcement & Notification Banner – Bulletin plugin for WordPress versions up to, and including, 3.6.0 Description: The issue allows unauthorized access and modification of data due to a missing capability check on the bulletinwp update...

WordPress Announcement & Notification Banner Plugin – Bulletin plugin <= 3.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Announcement & Notification Banner Plugin – Bulletin plugin versions = 3.0.0. Solution Update the WordPress Announcement & Notification Banner Plugin – Bulletin plugin to the latest available version a...