Lucene search
K

5 matches found

NVD
NVD
added 2025/08/02 8:15 a.m.3 views

CVE-2025-8152

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...

5.3CVSS0.00282EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/02 7:24 a.m.3 views

CVE-2025-8152 WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...

5.3CVSS7AI score0.00282EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/02 7:24 a.m.8 views

CVE-2025-8152 WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...

5.3CVSS0.00282EPSS
Exploits0References4
CVE
CVE
added 2025/08/02 7:24 a.m.21 views

CVE-2025-8152

CVE-2025-8152 affects the WordPress plugin “WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons” (versions ≤ 1.7.0). The root cause is a missing capability check in the functions update_cta_status and change_sticky_sidebar_name, enabling unauthenticated attackers to modify sticky CTA statu...

5.3CVSS6.3AI score0.00282EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/08/01 10:14 p.m.9 views

WordPress WP CTA plugin <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update vulnerability

Missing Authorization to Unauthenticated Sticky Status Update vulnerability discovered by Sushi Com Abacate in WordPress Plugin WordPress CTA versions = 1.7.0...

5.3CVSS6.8AI score0.00282EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder