5 matches found
CVE-2025-8152
The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...
CVE-2025-8152 WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update
The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...
CVE-2025-8152 WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update
The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...
CVE-2025-8152
CVE-2025-8152 affects the WordPress plugin “WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons” (versions ≤ 1.7.0). The root cause is a missing capability check in the functions update_cta_status and change_sticky_sidebar_name, enabling unauthenticated attackers to modify sticky CTA statu...
WordPress WP CTA plugin <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update vulnerability
Missing Authorization to Unauthenticated Sticky Status Update vulnerability discovered by Sushi Com Abacate in WordPress Plugin WordPress CTA versions = 1.7.0...