Sticky Anything <= 2.1.5 - Missing Authorization

Description The Sticky Anything plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to perform an unauthorized action that can lead to Stored...

WordPress plugin Sticky Anything 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

WordPress Sticky Anything Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Sticky Anything Type Plugin Vulnerable versions = 2.1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30551 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 25bb0e7db645 Credits Mika Required privilege...