17 matches found
EUVD-2021-11337
Malware in sbrugna...
CVE-2023-5509
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...
CVE-2021-24425
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...
CVE-2023-5509
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...
Design/Logic Flaw
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...
CVE-2023-5509 myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...
CVE-2023-5509
The CVE concerns the WordPress plugin myStickymenu, prior to version 2.6.5. The vulnerability stems from insufficient authorization of certain AJAX calls, which permits any logged-in user (e.g., subscribers) to perform actions such as deleting form leads, as highlighted by the CVE entry and corro...
WordPress Plugin myStickymenu Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability previously...
PT-2023-32142 · Unknown · Mystickymenu
Name of the Vulnerable Software and Affected Versions: myStickymenu versions prior to 2.6.5 Description: The issue allows any logged-in user to perform certain actions due to inadequate authorization of some AJAX calls. Recommendations: For versions prior to 2.6.5, update to version 2.6.5 or late...
myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion
Description The plugin does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. PoC 1. Visit myStickymenu + Create new Welcome Bar. Ensure "Collect leads" is enabled, enable the toggle at the top, and Save. 2. In a logged-out window, fill the lead form in...
myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion
Description The plugin does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. 1. Visit myStickymenu + Create new Welcome Bar. Ensure "Collect leads" is enabled, enable the toggle at the top, and Save. 2. In a logged-out window, fill the lead form in the...
CVE-2021-24425
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...
Cross site scripting
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...
CVE-2021-24425
The CVE-2021-24425 entry concerns the WordPress plugin MyStickymenu (myStickymenu) prior to version 2.5.2. The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) flaw in the Bar Text settings due to insufficient sanitization/escaping, which can be triggered by privileged users an...
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin MyStickymenu, which stems from t...
myStickymenu < 2.5.2 - Authenticated Stored XSS
The plugin does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog when the Welcome bar is active Put...
myStickymenu < 2.5.2 - Authenticated Stored XSS
The plugin does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog when the Welcome bar is active PoC...