CVE-2026-3657
- EPSS 0.16%
- Veröffentlicht 12.03.2026 02:22:36
- Zuletzt bearbeitet 12.03.2026 21:07:53
The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly a...
CVE-2024-2643
- EPSS 0.25%
- Veröffentlicht 15.05.2025 20:15:49
- Zuletzt bearbeitet 11.06.2025 14:45:57
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform St...
CVE-2024-7133
- EPSS 0.35%
- Veröffentlicht 13.09.2024 06:15:15
- Zuletzt bearbeitet 27.09.2024 21:27:50
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users wi...
CVE-2024-4090
- EPSS 0.28%
- Veröffentlicht 01.08.2024 06:15:02
- Zuletzt bearbeitet 10.06.2025 16:12:04
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cr...
CVE-2023-7048
- EPSS 0.12%
- Veröffentlicht 11.01.2024 09:15:55
- Zuletzt bearbeitet 08.04.2026 19:19:06
The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthe...