VYPR

Bulletin Announcements

by WordPress

Source repositories

CVEs (2)

  • CVE-2023-2066MedJun 9, 2023
    risk 0.34cvss 6.3epss 0.01

    The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings',…

  • CVE-2024-10682MedNov 21, 2024
    risk 0.33cvss 6.1epss 0.01

    The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it…