Announcement & Notification Banner – Bulletin < 3.7.1 – Cross-Site Request Forgery | CVE 2023-2067

Affects Plugins

Fixed in 3.7.1

References

CVE

CVE-2023-2067

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bulletin-announcements/announcement-notification-banner-bulletin-370-cross-site-request-forgery

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

6.3 (medium)

Miscellaneous

Original Researcher

Chloe Chamberland

Verified

No

WPVDB ID

fd6ecf22-2cbe-46a6-849e-a5f3797f566f

Timeline

Publicly Published

2023-05-11 (about 3 years ago)

Added

2023-06-09 (about 2 years ago)

Last Updated

2023-06-09 (about 2 years ago)

Other

Published

Title

Published

2025-03-11

Title

MaxA/B <= 2.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-01-24

Title

Subscription DNA < 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2022-07-28

Title

ЮKassa для WooCommerce < 2.3.1 - Arbitrary Settings Update via CSRF

Published

2024-05-24

Title

AZAN Plugin <= 0.6 - Stored XSS via CSRF

Published

2023-09-05

Title

WP Custom Post Template <= 1.0 - Settings Update via CSRF