Vulnerabilities and security researches foreasy-sticky-sidebar easy-sticky-sidebar

Jun 10, 2024

CVE, Research URL: CVE-2023-46644
Home page URL: Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Application: WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: 64c4cc86fec741868a7da661556f73f312d61895
Home page URL: Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Application: WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin
Date: Sep 04, 2023
Research Description: WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin [easy-sticky-sidebar] < 1.5.9 WordPress WordPress CTA Plugin <= 1.5.6 is vulnerable to Cross Site Request Forgery (CSRF) No patched version is available. This plugin has been closed as of May 9, 2023 and is not available for download. Reason: Licensing/Trademark Violation. Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress WordPress CTA Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.
Affected versions: Min -, max -.
Status: vulnerable