EUVD-2025-11567

Malicious code in bioql PyPI...

CVE-2023-3666

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Sticky Side Buttons plugin < 2.0.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Sayandeep Dutta in WordPress Plugin Sticky Side Buttons versions 2.0.0...

CVE-2023-3666

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3666

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3666

CVE-2023-3666 affects the Sticky Side Buttons WordPress plugin prior to version 2.0.0. The issue is Stored XSS caused by insufficient sanitisation/escaping of certain settings, potentially exploitable by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite)...

CVE-2023-3666 Sticky Side Buttons < 2.0.0 - Admin+ Stored XSS

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3666 Sticky Side Buttons < 2.0.0 - Admin+ Stored XSS

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2025-35678

Name of the Vulnerable Software and Affected Versions: Sticky Side Buttons WordPress plugin versions prior to 2.0.0 Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users, such as administrators, to perform Stored Cross-Site Scripting XSS...

WordPress plugin Sticky Side Buttons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2025-39421

Cross-Site Request Forgery CSRF vulnerability in Mustafa KUCUK WP Sticky Side Buttons wp-sticky-side-buttons allows Stored XSS.This issue affects WP Sticky Side Buttons: from n/a through = 2.1...

CVE-2025-39421

Cross-Site Request Forgery CSRF vulnerability in Mustafa KUCUK WP Sticky Side Buttons wp-sticky-side-buttons allows Stored XSS.This issue affects WP Sticky Side Buttons: from n/a through = 2.1...

CVE-2025-39421 WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Mustafa KUCUK WP Sticky Side Buttons wp-sticky-side-buttons allows Stored XSS.This issue affects WP Sticky Side Buttons: from n/a through = 2.1...

CVE-2025-39421

CVE-2025-39421 describes a CSRF vulnerability in the WordPress plugin WP Sticky Side Buttons (Mustafa KUCUK) that enables stored XSS. The CVE entry states the vulnerability affects WP Sticky Side Buttons versions from n/a up to and including 2.1, with CVSSv3.1 metrics (AV:N/AC:L/PR:N/UI:R/S:C/C:L...

CVE-2025-39421 WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through 2.1...

PT-2025-16988 · WordPress · Wp Sticky Side Buttons

Name of the Vulnerable Software and Affected Versions: WP Sticky Side Buttons versions n/a through 2.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

WordPress plugin WP Sticky Side Buttons 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...