Headline
CVE-2023-2067: Changeset 2910991 for bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php – WordPress Plugin Repository
The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and more, via a forged request, provided they can trick a site's user into performing an action such as clicking on a link.
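As an added illustration (not the plugin's code and not part of this changeset), the complete nonce round-trip that makes a `check_ajax_referer()` call effective: the nonce is minted server-side, handed to the admin-side script, sent back with the AJAX request under the expected key, and verified before the capability check. Only the nonce action `bulletinwp_ajax_nonce` and the request key `ajaxNonce` come from the changeset; the script handle, the AJAX action name, the capability and the option key are assumptions.

```php
<?php
// Added example of the nonce round-trip for a WordPress admin-ajax handler.
// Assumed names: 'example-admin' (script handle), 'example_update_status'
// (AJAX action), 'manage_options' (capability), 'example_status' (option).

// 1. Server: mint the nonce and expose it to the admin-side script.
add_action( 'admin_enqueue_scripts', function () {
    // src=false registers a handle that only carries inline script.
    wp_register_script( 'example-admin', false, array( 'jquery' ), '1.0', true );
    wp_enqueue_script( 'example-admin' );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'       => admin_url( 'admin-ajax.php' ),
        'ajaxNonce' => wp_create_nonce( 'bulletinwp_ajax_nonce' ),
    ) );
    // 2. Client: every state-changing request carries the nonce back.
    wp_add_inline_script( 'example-admin', "
        jQuery.post( exampleAjax.url, {
            action:    'example_update_status',
            ajaxNonce: exampleAjax.ajaxNonce,
            status:    'active'
        } );
    " );
} );

// 3. Server: verify the nonce first, then the capability, then the input.
//    check_ajax_referer() with the default $die = true ends the request with
//    -1 and HTTP 403 when the nonce is missing, forged or expired (nonces
//    rotate, so a value is valid for 12 to 24 hours).
add_action( 'wp_ajax_example_update_status', function () {
    check_ajax_referer( 'bulletinwp_ajax_nonce', 'ajaxNonce' );

    // The nonce proves request origin, not authorization: still check the
    // capability, because any logged-in user can obtain a nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $status = isset( $_POST['status'] ) ? sanitize_key( wp_unslash( $_POST['status'] ) ) : '';
    if ( ! in_array( $status, array( 'active', 'inactive' ), true ) ) {
        wp_send_json_error( array( 'message' => 'invalid status' ), 400 );
    }

    update_option( 'example_status', $status );
    wp_send_json_success( array( 'status' => $status ) );
} );
```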
Timestamp:
05/11/2023 08:00:46 AM (5 weeks ago)
mikewire_rocksolid
Message:
tagging version 3.7.1
File:
- bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php (6 diffs)
bulletin-announcements/trunk/classes/class-bulletinwp-ajax.php
r2906036
r2910991
37
37
public function bulletinwp\_update\_bulletin\_status()
38
38
{
39
check\_ajax\_referer( 'bulletinwp\_ajax\_nonce', 'ajaxNonce' );
39
40
if ( !BULLETINWP::instance()->helpers->check\_page\_access\_permission() ) {
40
41
wp\_send\_json\_error();
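Review bot: the nonce check added at line 39 sits before the permission check, which is the right order, but its failure path differs from the one directly below it: check_ajax_referer() with the default $die argument ends the request with -1 and HTTP 403, while a failed check_page_access_permission() answers with a wp_send_json_error() JSON body. If the admin-side script treats every failure as JSON, consider passing false as the third argument and calling wp_send_json_error() from the handler instead. The fix is also only effective if the admin-side script actually sends the nonce under the 'ajaxNonce' key; this changeset does not show where wp_create_nonce( 'bulletinwp_ajax_nonce' ) is emitted (for example via wp_localize_script), so that wiring should be confirmed in the same release.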
…
…
70
71
public function bulletinwp\_update\_bulletin()
71
72
{
73
check\_ajax\_referer( 'bulletinwp\_ajax\_nonce', 'ajaxNonce' );
72
74
if ( !BULLETINWP::instance()->helpers->check\_page\_access\_permission() ) {
73
75
wp\_send\_json\_error();
…
…
232
234
public function bulletinwp\_update\_settings()
233
235
{
236
check\_ajax\_referer( 'bulletinwp\_ajax\_nonce', 'ajaxNonce' );
234
237
if ( !BULLETINWP::instance()->helpers->check\_page\_access\_permission() ) {
235
238
wp\_send\_json\_error();
…
…
281
284
public function bulletinwp\_update\_status()
282
285
{
286
check\_ajax\_referer( 'bulletinwp\_ajax\_nonce', 'ajaxNonce' );
283
287
if ( !BULLETINWP::instance()->helpers->check\_page\_access\_permission() ) {
284
288
wp\_send\_json\_error();
…
…
313
317
public function bulletinwp\_export\_bulletins()
314
318
{
319
check\_ajax\_referer( 'bulletinwp\_ajax\_nonce', 'ajaxNonce' );
315
320
if ( !BULLETINWP::instance()->helpers->check\_page\_access\_permission() ) {
316
321
wp\_send\_json\_error();
…
…
335
340
public function bulletinwp\_import\_bulletins()
336
341
{
342
check\_ajax\_referer( 'bulletinwp\_ajax\_nonce', 'ajaxNonce' );
337
343
if ( !BULLETINWP::instance()->helpers->check\_page\_access\_permission() ) {
338
344
wp\_send\_json\_error();
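Review bot: all six handlers in this changeset, including the import at line 342, verify the same nonce action 'bulletinwp_ajax_nonce', so one nonce value authorizes the origin of every one of these requests; per-handler nonce actions would limit what a single leaked value can be replayed against. The visible lines only cover the request-origin and page-access checks; the import payload handling below line 344 is not part of this hunk and should be reviewed separately for validation of the imported bulletin data.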