WordPress Announcement & Notification Banner – Bulletin plugin <= 3.12.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WordPress Announcement & Notification Banner Plugin – Bulletin versions = 3.12.1...

CVE-2024-10682 Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it possible for unauthenticated...

CVE-2024-30478

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin – Bulletin: from n/a through 3.8.5...

CVE-2023-2067

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...

CVE-2023-2067 Announcement & Notification Banner – Bulletin <= 3.7.0 - Cross-Site Request Forgery

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...