WordPress Plugin Vulnerabilities
Announcement & Notification Banner – Bulletin < 3.7.0 - Subscriber+ Unauthorized Access and Modification
Description
The plugin does not properly implement capability checks, allowing an attacker with subscriber-level access to modify the plugin's settings, modify bulletins, and create new bulletins.
Affects Plugins
References
Miscellaneous
Original Researcher
Chloe Chamberland
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-05-11 (about 1 years ago)
Added
2023-06-09 (about 11 months ago)
Last Updated
2023-06-09 (about 11 months ago)