6 matches found

Vulnrichment
added 2026/01/01 4:19 p.m. | 2 views

CVE-2025-14428 My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...

CVSS 4.3 | AI score 4.7 | EPSS 0.00037
Exploits 0 | References 5
CVE
added 2026/01/01 4:19 p.m. | 7 views

CVE-2025-14428

CVE-2025-14428 affects the WordPress plugin “All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements” up to version 2.3.3. The issue is a missing capability check in the my_sticky_elements_bulks function, allowing authenticated attackers with Su...

CVSS 4.3 | AI score 4.7 | EPSS 0.00037
Exploits 0 | References 5
Cvelist
added 2026/01/01 4:19 p.m. | 17 views

CVE-2025-14428 My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion

The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'mystickyelementsbulks' function in all versions up to, and including, 2.3.3. This...

CVSS 4.3 | EPSS 0.00037
Exploits 0 | References 5
Positive Technologies
added 2025/01/11 12:0 a.m. | 2 views

PT-2025-1777 · WordPress · The Coupon X: Discount Pop Up

Name of the Vulnerable Software and Affected Versions: The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress versions up to, and including, 1.3.5. Description: The issue is related to missing capability checks on several functions in the...

CVSS 5.4 | AI score 7.2 | EPSS 0.00243
Exploits 0 | References 7
Patchstack
added 2021/12/22 12:0 a.m. | 10 views

WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.7 - Arbitrary Lead Deletion vulnerability

Arbitrary Lead Deletion vulnerability discovered by WPScanTeam in WordPress Contact Form & Lead Form Elementor Builder plugin versions <= 1.6.7. Solution: Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version (at least 1.6.8)...

AI score 3.5
Exploits 0 | References 2 | Affected Software 1
WPVulnDB
added 2021/12/22 12:0 a.m. | 10 views

Contact Form & Lead Form Elementor Builder < 1.6.8 - Subscriber+ Arbitrary Lead Deletion

The plugin does not have capability and CSRF checks in the deleteleadsbackend AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber could delete arbitrary Leads. Attackers could also make any logged-in users delete leads via a CSRF attack. PoC POST...

AI score 1.7
Exploits 0 | Affected Software 1