CVE-2025-14428

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...

EUVD-2026-0015

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...

CVE-2025-14428 My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...

CVE-2025-14428

CVE-2025-14428 affects the WordPress plugin “All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements” up to version 2.3.3. The issue is a missing capability check in the my_sticky_elements_bulks function, allowing authenticated attackers with Su...

WordPress plugin My Sticky Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-1009

Name of the Vulnerable Software and Affected Versions My Sticky Elements plugin for WordPress versions prior to 2.3.4 Description The My Sticky Elements plugin for WordPress is susceptible to unauthorized data loss. A missing capability check within the my sticky elements bulks function allows...

CVE-2025-68995

Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through = 2.3.3...

EUVD-2025-205741

Missing Authorization vulnerability in Gal Dubinski My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through = 2.3.3...

CVE-2025-68995 WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through = 2.3.3...

CVE-2025-68995 WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through = 2.3.3...

PT-2025-53884

Name of the Vulnerable Software and Affected Versions My Sticky Elements versions prior to 2.3.3 Description The software contains a missing authorization issue, allowing exploitation of incorrectly configured access control security levels. Recommendations Update My Sticky Elements to a version...

WordPress plugin My Sticky Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2023-56083

Malicious code in bioql PyPI...

EUVD-2023-12537

Malicious code in bioql PyPI...

CVE-2023-0487

The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin...

PT-2024-14090 · Premio · All-In-One Floating Contact Form – My Sticky Elements

Name of the Vulnerable Software and Affected Versions: All-in-one Floating Contact Form – My Sticky Elements versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This...

The vulnerability in the admin.php script of the WordPress content management system’s “My Sticky Elements” plugin allows attackers to perform cross-site scripting attacks.

The vulnerability of the admin.php script on the WordPress administration panel of the My Sticky Elements plugin is related to the lack of protective measures for the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

CVE-2023-0487

The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-0487 My Sticky Elements < 2.0.9 - Admin+ SQLi

The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin...

WordPress Plugin My Sticky Elements SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...