Announcement & Notification Banner – Bulletin Security & Risk Analysis

wordpress.org/plugins/bulletin-announcements

Publish a slick announcement banner notice across your website or WooCommerce shop. Extend with icons, countdowns, placement rules and more!

2K active installs · v3.14.0 · PHP 7.2+ · WP 5.0+ · Updated Feb 23, 2026
Tags: announcements, banners, countdown, notice, notifications
Score: 96 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Nov 20, 2024
Safety Verdict

Is Announcement & Notification Banner – Bulletin Safe to Use in 2026?

Generally Safe

Score 96/100

Announcement & Notification Banner – Bulletin has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Nov 20, 2024 · Updated 1mo ago
Risk Assessment

The "bulletin-announcements" v3.14.0 plugin presents a mixed security posture. While the code demonstrates strong adherence to modern WordPress security practices, with a high percentage of SQL queries using prepared statements and an excellent rate of output escaping, there are significant concerns. The presence of a single AJAX handler without authentication checks represents a direct entry point for potential unauthorized actions. Furthermore, the use of the `unserialize` function is a critical red flag, as it can be exploited for Remote Code Execution (RCE) if not handled with extreme caution and strict input validation. The plugin's vulnerability history is also concerning, with a total of 5 known CVEs, including one high-severity vulnerability related to SQL Injection and others covering Cross-Site Scripting, CSRF, and Missing Authorization. The fact that there are no currently unpatched vulnerabilities is positive, but the recurring nature of these vulnerability types suggests potential weaknesses in the development process that could be re-introduced. Overall, the plugin has good foundational security practices but is marred by a critical code signal (`unserialize`) and a significant historical pattern of security flaws, making it a moderate to high risk.

Key Concerns

  • AJAX handler without authentication
  • Dangerous function: unserialize
  • 1 High severity CVE history
  • 4 Medium severity CVE history
  • Bundled outdated library: Freemius v1.0
Vulnerabilities
5

Announcement & Notification Banner – Bulletin Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 2 CVEs
2024: 2 CVEs

Severity Breakdown

High: 1
Medium: 4

5 total CVEs

CVE-2024-10682 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting

Nov 20, 2024 Patched in 3.12 (2d)
CVE-2024-30478 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WordPress Announcement & Notification Banner Plugin – Bulletin <= 3.8.5 - Authenticated (Administrator+) SQL Injection

Mar 28, 2024 Patched in 3.9.0 (7d)
CVE-2023-2067 · medium · 6.3 · Cross-Site Request Forgery (CSRF)

Announcement & Notification Banner – Bulletin <= 3.7.0 - Cross-Site Request Forgery

May 11, 2023 Patched in 3.7.1 (257d)
CVE-2023-2066 · medium · 6.3 · Missing Authorization

Announcement & Notification Banner – Bulletin <= 3.6.0 - Missing Authorization Checks

May 11, 2023 Patched in 3.7.0 (257d)
WF-337d052c-6ee2-4cd0-8a69-a4b66b25517a-bulletin-announcements · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Announcement & Notification Banner – Bulletin <= 3.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Aug 8, 2022 Patched in 3.5.3 (533d)
Code Analysis
Analyzed Mar 16, 2026

Announcement & Notification Banner – Bulletin Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 3 (41 prepared)
Unescaped Output: 4 (560 escaped)
Nonce Checks: 7
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `return unserialize( $meta_value );` · classes\class-bulletinwp-sql.php:554

Bundled Libraries

Freemius 1.0

SQL Query Safety

93% prepared · 44 total queries

Output Escaping

99% escaped · 564 total outputs
Data Flows
All sanitized

Data Flow Analysis

7 flows
<bulletins> (admin\views\pages\bulletins.php:0)
Attack Surface
1 unprotected

Announcement & Notification Banner – Bulletin Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_bulletinwp_get_bulletin_data · classes\class-bulletinwp-customizer.php:9

WordPress Hooks: 23

action · plugins_loaded · bulletinwp.php:111
action · after_uninstall · classes\class-bulletinwp-activation.php:14
action · init · classes\class-bulletinwp-activation.php:16
filter · wpmu_drop_tables · classes\class-bulletinwp-activation.php:17
action · admin_enqueue_scripts · classes\class-bulletinwp-admin.php:8
action · admin_init · classes\class-bulletinwp-admin.php:10
action · admin_menu · classes\class-bulletinwp-admin.php:12
action · admin_head · classes\class-bulletinwp-admin.php:13
filter · set-screen-option · classes\class-bulletinwp-admin.php:14
action · admin_notices · classes\class-bulletinwp-admin.php:20
action · customize_controls_enqueue_scripts · classes\class-bulletinwp-customizer.php:6
action · customize_preview_init · classes\class-bulletinwp-customizer.php:7
action · customize_register · classes\class-bulletinwp-customizer.php:8
action · customize_save_after · classes\class-bulletinwp-customizer.php:10
action · wp_enqueue_scripts · classes\class-bulletinwp-frontend.php:9
action · wp_head · classes\class-bulletinwp-frontend.php:11
action · wp_footer · classes\class-bulletinwp-frontend.php:13
action · wp_footer · classes\class-bulletinwp-frontend.php:15
filter · safe_style_css · classes\class-bulletinwp-frontend.php:16
action · init · classes\class-bulletinwp-language.php:6
action · init · classes\class-bulletinwp-language.php:7
action · init · classes\class-bulletinwp-language.php:8
action · init · classes\class-bulletinwp-sql.php:11

Maintenance & Trust

Announcement & Notification Banner – Bulletin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 7.2
Downloads: 85K

Community Trust

Rating: 92/100
Number of ratings: 20
Active installs: 2K

Developer Profile

Announcement & Notification Banner – Bulletin Developer Profile

Rock Solid

7 plugins · 17K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 223 days

Detection Fingerprints

How We Detect Announcement & Notification Banner – Bulletin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bulletin-announcements/admin/build/free.css
/wp-content/plugins/bulletin-announcements/admin/build/free.js
Script Paths
/wp-content/plugins/bulletin-announcements/admin/build/free.js
Version Parameters
bulletin-announcements/admin/build/free.css?ver=
bulletin-announcements/admin/build/free.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-bulletinwp-plugin-slug
JS Globals
BULLETINWP