cleantalk
Vulnerabilities and Security Researches

WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin, CVE-2025-8152

CVE, Research URL

CVE-2025-8152

Home page URL

Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin

Application

WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin

Published on
Aug 02, 2025
Research Description
The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.
Affected versions
Min -, max 1.7.1.
Status
vulnerable
Previous vulnerability researches
Blogger Buzz (CVE-2025-54680) , Aug 02, 2025
Blogger Buzz (115f6bdb0e5c21979d308193f82caf8fb7388640) , Jun 11, 2024
Blogger Buzz (CVE-2023-30476) , Jun 10, 2024
New vulnerability
Custom Word Cloud (CVE-2025-8317) , Aug 04, 2025
360 Photo Spheres (CVE-2025-4588) , Aug 04, 2025
BuddyPress XProfile Custom Image Field (CVE-2025-48158) , Aug 04, 2025
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier (CVE-2025-6832) , Aug 04, 2025
Google Map Targeting (CVE-2025-52732) , Aug 04, 2025