WpStickyBar <= 2.1.0 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2024-5765 info: name: WpStickyBar = 2.1.0 - SQL Injection author: theamanrawat severity: high description: | Th...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-6226

The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress WpStickyBar plugin <= 2.1.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WpStickyBar versions = 2.1.0...

WordPress WpStickyBar plugin <= 2.1.0 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin WpStickyBar versions = 2.1.0...

CVE-2024-6226

The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-6226

The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-6226

CVE-2024-6226 relates to the WpStickyBar WordPress plugin (versions up to 2.1.0). It describes a reflected XSS flaw where a user-supplied parameter is not properly sanitized/escaped before being echoed on a page. The impact is described as allowing an attacker to target high-privilege users (e.g....

CVE-2024-5765

CVE-2024-5765 affects WpStickyBar

CVE-2024-5765 WpStickyBar <= 2.1.0 - Unauthenticated SQLi

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-5765 WpStickyBar <= 2.1.0 - Unauthenticated SQLi

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

PT-2024-37466 · WordPress · Wpstickybar

Name of the Vulnerable Software and Affected Versions: WpStickyBar WordPress plugin versions prior to 2.1.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...

WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to SQL Injection

Software WpStickyBar Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5765 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 003d2dbb7aa7 Credits Project Black Required privilege Unauthenticated...

WordPress plugin WpStickyBar SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-37132 · WordPress · Wpstickybar

Name of the Vulnerable Software and Affected Versions: WpStickyBar WordPress plugin versions prior to 2.1.1 Description: The issue arises from the improper sanitization and escaping of a parameter before its use in a SQL statement via an AJAX action. This AJAX action is available to unauthenticat...

WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software WpStickyBar Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6226 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ad3f0b1cf19 Credits Bob Matyas Required...

WordPress plugin WpStickyBar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...