4 matches found
CVE-2023-2067
The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...
CVE-2023-2067
Summary (CVE-2023-2067) The WordPress plugin Announcement & Notification Banner – Bulletin (Bulletin) suffers a CSRF flaw from missing nonce validation in admin AJAX handlers: bulletinwp_update_bulletin_status, bulletinwp_update_bulletin, bulletinwp_update_settings, bulletinwp_update_status, bull...
CVE-2023-2067 Announcement & Notification Banner – Bulletin <= 3.7.0 - Cross-Site Request Forgery
The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...
WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software WordPress Announcement & Notification Banner Plugin – Bulletin Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2067 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership...