5 matches found
CVE-2023-0487
The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-0487
creationtimestamp| type| source ---|---|--- 2023-02-27 18:27:50+00:00| seen| https://t.me/cibsecurity/58948 2025-03-10 14:38:54+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7009...
CVE-2023-0487
CVE-2023-0487 affects the WordPress plugin My Sticky Elements . The vulnerability arises in versions prior to 2.0.9, where a parameter is not properly sanitised/escaped before being used in a SQL statement when deleting messages, enabling a SQL injection by users with high privileges (e.g., admin...
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly...
WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin < 2.0.9 is vulnerable to SQL Injection
Software All-in-one Floating Contact Form – My Sticky Elements Type Plugin Vulnerable versions 2.0.9 Fixed in 2.0.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0487 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID cdb7568b0dc6 Credits qerogramat Kak...