CVE-2026-22459 WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 2.1.2...

CVE-2026-22459

CVE-2026-22459 affects the WordPress plugin WP CTA – Call Now Button, Sticky Button & Call to Action Builder (easy-sticky-sidebar). The issue is a Missing Authorization vulnerability due to incorrectly configured access control, allowing exploitation within WordPress CTA versions up to 2.1.2. Wor...

CVE-2026-22459 WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 2.1.2...

CVE-2025-8152

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...

CVE-2025-8152

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...

CVE-2025-8152 WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...

PT-2025-31726 · WordPress · Sticky Buttons +2

Name of the Vulnerable Software and Affected Versions: WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons versions prior to 1.7.1 Description: The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is susceptible to unauthorized data modification due to a...

WordPress WP CTA plugin <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update vulnerability

Missing Authorization to Unauthenticated Sticky Status Update vulnerability discovered by Sushi Com Abacate in WordPress Plugin WordPress CTA versions = 1.7.0...

WordPress CTA plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WordPress CTA versions = 1.7.0...

CVE-2025-53270 WordPress CTA plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Cross Site Request Forgery.This issue affects WordPress CTA: from n/a through = 1.7.0...

CVE-2023-46644 WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8...

WordPress WordPress CTA Plugin <= 1.5.8 is vulnerable to Broken Access Control

Software WordPress CTA Type Plugin Vulnerable versions = 1.5.8 Fixed in 1.5.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46644 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 45791c76e335 Credits Abdi Pranata Required...