3 matches found
WordPress My Sticky Bar plugin < 2.6.8 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin My Sticky Bar versions 2.6.8...
CVE-2024-2643
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...
CVE-2024-2643
CVE-2024-2643 affects the WordPress plugin My Sticky Bar prior to version 2.6.8. The issue is a failure to sanitize/escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...