CVE-2025-24720
- EPSS 0.03%
- Veröffentlicht 24.01.2025 18:15:45
- Zuletzt bearbeitet 24.01.2025 18:15:45
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1.
CVE-2024-3475
- EPSS 0.15%
- Veröffentlicht 02.05.2024 06:15:50
- Zuletzt bearbeitet 08.05.2025 17:52:48
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
CVE-2024-0703
- EPSS 0.2%
- Veröffentlicht 23.01.2024 11:15:08
- Zuletzt bearbeitet 21.11.2024 08:47:10
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it poss...
CVE-2023-2362
- EPSS 0.12%
- Veröffentlicht 12.06.2023 18:15:09
- Zuletzt bearbeitet 05.05.2025 16:15:35
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button Word...