cleantalk
Vulnerabilities and Security Researches

WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin, 64c4cc86fec741868a7da661556f73f312d61895

CVE, Research URL

64c4cc86fec741868a7da661556f73f312d61895

Home page URL

Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin

Application

WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin

Published on
Sep 04, 2023
Research Description
WP CTA &#8211; Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin [easy-sticky-sidebar] < 1.5.9 WordPress WordPress CTA Plugin <= 1.5.6 is vulnerable to Cross Site Request Forgery (CSRF) No patched version is available. This plugin has been closed as of May 9, 2023 and is not available for download. Reason: Licensing/Trademark Violation. Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress WordPress CTA Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.
Affected versions
Min -, max 1.5.9.
Status
vulnerable
Previous vulnerability researches
WP CTA &#8211; Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (CVE-2023-46644) , Jun 10, 2024
WP CTA &#8211; Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (64c4cc86fec741868a7da661556f73f312d61895) , Jun 06, 2024
New vulnerability
WP Edit (CVE-2025-53253) , Jul 01, 2025
Accept Authorize.NET Payments Using Contact Form 7 (CVE-2025-53322) , Jul 01, 2025
Owl carousel responsive (CVE-2025-5590) , Jul 01, 2025
App Builder &#8211; Create Native Android &amp; iOS Apps On The Flight (CVE-2025-49989) , Jul 01, 2025
Sitekit (CVE-2025-50047) , Jul 01, 2025