PT-2024-23403 · WordPress · Wordpress Announcement & Notification Banner Plugin – Bulletin

Muhammad Daffa · Published 2024-03-29 · Updated 2025-02-27 · CVE-2024-30478

CVSS v3.1: 7.6 High
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions: WordPress Announcement & Notification Banner Plugin – Bulletin, versions 3.8.5 and earlier
Description: Versions 3.8.5 and earlier contain an SQL injection vulnerability caused by improper neutralization of special elements used in an SQL command: attacker-controlled input is incorporated into a database query without being escaped or parameterized. An attacker who can reach the affected code can therefore execute unauthorized SQL commands against the WordPress database. Per the CVSS vector, exploitation requires high privileges but no user interaction, and the impact extends beyond the plugin's own security scope, with a high impact on confidentiality and a low impact on availability.
Recommendations: For versions 3.8.5 and earlier, disable the plugin until a patched release is available. As a temporary workaround, restrict access to the plugin's API endpoints (for example at the web server or WAF level) until a patch is available, and do not pass untrusted values to parameters of the affected endpoints while the issue is unresolved.
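The advisory names neither the endpoint nor the parameter, so the following is an added illustration and not code from the Bulletin plugin: it shows the injection pattern the Description refers to (a request value concatenated into an SQL string) next to the hardened form, using WordPress core APIs ($wpdb->prepare, register_rest_route). The route, table and parameter names are hypothetical, and the permission_callback stands in for the "restrict access to the endpoint" workaround from the Recommendations.

```php
<?php
/**
 * Added illustration, not code from the Bulletin plugin. Route, table and
 * parameter names are hypothetical; the WordPress functions are real core APIs.
 */

// Vulnerable pattern: the request parameter is concatenated straight into the
// SQL string, so special characters reach the database without neutralization.
function bulletin_example_get_banner_vulnerable( WP_REST_Request $request ) {
    global $wpdb;
    $id  = $request->get_param( 'id' ); // attacker-controlled
    $sql = "SELECT id, message FROM {$wpdb->prefix}bulletin_example WHERE id = " . $id;
    // With id = "1 OR 1=1" every row comes back; a UNION payload can read
    // other tables. This is the "unauthorized SQL commands" outcome above.
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}

// Hardened pattern: the value is cast and bound through $wpdb->prepare(),
// so it can only ever be treated as an integer literal by MySQL.
function bulletin_example_get_banner_hardened( WP_REST_Request $request ) {
    global $wpdb;
    $id  = (int) $request->get_param( 'id' );
    $sql = $wpdb->prepare(
        "SELECT id, message FROM {$wpdb->prefix}bulletin_example WHERE id = %d",
        $id
    );
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'bulletin-example/v1', '/banner', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'bulletin_example_get_banner_hardened',
        // Gate the endpoint itself: only users with manage_options reach the
        // callback. This is the access-restriction workaround, not the fix.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'id' => array(
                'required'          => true,
                // Reject anything that is not a non-negative integer before the
                // callback runs, so "1 OR 1=1" never reaches the query at all.
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value == $value && (int) $value >= 0;
                },
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );
```

Two practical notes. First, the advisory's vector carries PR:H, so the attacker in the described scenario already holds high privileges; a capability check like the one above narrows exposure but does not remove the bug, and only parameterization (or strict type validation before the query) does. Second, when auditing a plugin for this class of issue, grep for $wpdb->query, get_results, get_var and get_row calls whose SQL string is built with "." or interpolation from $_GET, $_POST, $_REQUEST or WP_REST_Request values without a surrounding $wpdb->prepare().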

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-30478

Affected Products

Wordpress Announcement & Notification Banner Plugin – Bulletin