Mikewire_Rocksolid

**Name of the Vulnerable Software and Affected Versions** The Announcement & Notification Banner – Bulletin plugin for WordPress versions up to, and including, 3.7.0 **Description** The issue allows unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and more, via a forged request. This is possible because of a missing nonce validation on the `bulletinwp update bulletin status`, `bulletinwp update bulletin`, `bulletinwp update settings`, `bulletinwp update status`, `bulletinwp export bulletins`, and `bulletinwp import bulletins` functions. Attackers can exploit this by tricking a site's user into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 3.7.0, update to a version higher than 3.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the `bulletinwp update bulletin status`, `bulletinwp update bulletin`, `bulletinwp update settings`, `bulletinwp update status`, `bulletinwp export bulletins`, and `bulletinwp import bulletins` functions until a patch is available.