Announcement & Notification Banner – Bulletin

Vulnerabilities 11Slug bulletin-announcementsLatest version 3.14.0WordPress.org →

Minimum safe version

3.13.1

Update to 3.13.1 or later to address 11 fixable vulnerabilities

Latest available3.14.0 ✓

Medium 6.1

2026-05-01< 3.13.1

CVE-2024-13362

CVE Patchstack

Medium 6.1

2024-11-21< 3.12

CVE-2024-10682

CVE Patchstack Wordfence

Medium 6.3

2024-10-16< 3.1.0

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

High 7.6

2024-03-29< 3.9.0

CVE-2024-30478

CVE Wordfence Patchstack WPScan

N/A

2023-07-18< 3.8.1

WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin < 3.8.1 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

Medium 4.3

2023-06-09< 3.7.0

CVE-2023-2066

CVE Wordfence Patchstack WPScan

Medium 5.4

2023-06-09< 3.7.1

CVE-2023-2067

CVE Wordfence Patchstack WPScan

N/A

2022-03-04< 3.1.0

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence

N/A

2022-08-08< 3.5.3

Announcement & Notification Banner – Bulletin <= 3.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Wordfence

N/A

2022-02-28< 3.1.0

WordPress Announcement & Notification Banner Plugin – Bulletin plugin <= 3.0.0 - Sensitive Information Disclosure vulnerability

Patchstack

N/A

2022-02-28< 3.1.0

WordPress Announcement & Notification Banner Plugin – Bulletin plugin <= 3.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack