Vulnerabilities and security researches forsitewide-notice-wp sitewide-notice-wp

Jun 07, 2024

CVE, Research URL: CVE-2021-24592
Home page URL: Security reports for Sitewide Notice WP
Application: Sitewide Notice WP
Date: Aug 30, 2021
Research Description: The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions: max 2.3.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-67575
Home page URL: Security reports for Sitewide Notice WP
Application: Sitewide Notice WP
Date: Dec 09, 2025
Research Description: Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1.
Affected versions: max 2.4.1.
Status: vulnerable