Vulnerabilities and security researches foreasy-sticky-sidebar easy-sticky-sidebar

Jun 06, 2024

CVE, Research URL: 64c4cc86fec741868a7da661556f73f312d61895
Home page URL: Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Application: WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Date: Sep 04, 2023
Research Description: WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin [easy-sticky-sidebar] < 1.5.9 WordPress WordPress CTA Plugin <= 1.5.6 is vulnerable to Cross Site Request Forgery (CSRF) No patched version is available. This plugin has been closed as of May 9, 2023 and is not available for download. Reason: Licensing/Trademark Violation. Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress WordPress CTA Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-46644
Home page URL: Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Application: WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.
Affected versions: Min -, max -.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-53270
Home page URL: Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Application: WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Date: Jun 27, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through 1.6.9.
Affected versions: Min -, max -.
Status: vulnerable

Aug 04, 2025

CVE, Research URL: CVE-2025-8152
Home page URL: Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Application: WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Date: Aug 02, 2025
Research Description: The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.
Affected versions: Min -, max -.
Status: vulnerable