The Announcement & Notification Banner – Bulletin plugin for WordPress has a security vulnerability in versions 3.5.1 and earlier. This vulnerability allows people with a subscriber level permission (or higher) to inject malicious web scripts into pages that can be executed when someone visits the page. This is due to the plugin not properly sanitizing and escaping inputs.