31 matches found
EUVD-2025-3912
Malicious code in bioql PyPI...
EUVD-2024-16493
Malicious code in bioql PyPI...
CVE-2025-24720
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through = 4.1.1...
CVE-2024-3475
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2025-24720
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through = 4.1.1...
CVE-2025-24720
CVE-2025-24720 describes a Cross-Site Request Forgery (CSRF) to Settings Update vulnerability in the WordPress plugin Sticky Buttons (Wow-Company), affecting versions through 4.1.1. The initial description and multiple security trackers corroborate the CSRF flaw, with references noting impact to ...
CVE-2025-24720 WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1...
WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Sticky Buttons versions = 4.1.1...
WordPress plugin Sticky Buttons 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-5534 · Wow Company · Sticky Buttons
Name of the Vulnerable Software and Affected Versions: Wow-Company Sticky Buttons versions through 4.1.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an...
WordPress Sticky Buttons plugin < 3.2.4 - Button Deletion via CSRF vulnerability
Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Sticky Buttons versions 3.2.4...
CVE-2024-3475
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-3475 Sticky Buttons < 3.2.4 - Button Deletion via CSRF
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-3475
The CVE-2024-3475 issue concerns the Sticky Buttons WordPress plugin. Connected sources confirm that versions prior to 3.2.4 ship with missing CSRF checks on certain bulk actions, enabling an attacker with admin privileges to cause logged-in admins to perform unwanted actions (e.g., deleting butt...
WordPress plugin Sticky Buttons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Sticky Buttons Plugin < 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Sticky Buttons Type Plugin Vulnerable versions 3.2.4 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3475 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c9f456e279d5 Credits Bob Matyas Required...
PT-2024-26157 · WordPress · Sticky Buttons
Name of the Vulnerable Software and Affected Versions: The Sticky Buttons WordPress plugin versions prior to 3.2.4 Description: The issue is related to the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting...
Sticky Buttons < 3.2.4 - Button Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...
CVE-2024-0703
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-0703
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...