cleantalk
Vulnerabilities and Security Researches

WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin, CVE-2025-8152

CVE, Research URL

CVE-2025-8152

Home page URL

Security reports for WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin

Application

WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin

Published on
Aug 02, 2025
Research Description
The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.
Affected versions
Min -, max 1.7.1.
Status
vulnerable
Previous vulnerability researches
NinjaScanner – Virus & Malware scan (CVE-2025-8213) , Aug 02, 2025
New vulnerability
BuddyPress XProfile Custom Image Field (CVE-2025-48158) , Aug 04, 2025
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier (CVE-2025-6832) , Aug 04, 2025
Google Map Targeting (CVE-2025-52732) , Aug 04, 2025
WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (CVE-2025-8152) , Aug 04, 2025
One Click Demo Import , Aug 04, 2025