17 matches found
EUVD-2021-11337
Malware in sbrugna...
CVE-2023-5509
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...
CVE-2021-24425
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...
CVE-2023-5509
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...
Design/Logic Flaw
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...
CVE-2023-5509
The CVE concerns the WordPress plugin myStickymenu, prior to version 2.6.5. The vulnerability stems from insufficient authorization of certain AJAX calls, which permits any logged-in user (e.g., subscribers) to perform actions such as deleting form leads, as highlighted by the CVE entry and corro...
CVE-2023-5509 myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions...
PT-2023-32142 · Unknown · Mystickymenu
Name of the Vulnerable Software and Affected Versions: myStickymenu versions prior to 2.6.5 Description: The issue allows any logged-in user to perform certain actions due to inadequate authorization of some AJAX calls. Recommendations: For versions prior to 2.6.5, update to version 2.6.5 or late...
WordPress Plugin myStickymenu Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability previously...
myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion
Description: The plugin does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. 1. Visit myStickymenu + Create new Welcome Bar. Ensure "Collect leads" is enabled, enable the toggle at the top, and Save. 2. In a logged-out window, fill the lead form in the...
myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion
Description: The plugin does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. PoC: 1. Visit myStickymenu + Create new Welcome Bar. Ensure "Collect leads" is enabled, enable the toggle at the top, and Save. 2. In a logged-out window, fill the lead form in...
CVE-2021-24425
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...
Cross site scripting
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue,...
CVE-2021-24425
The CVE-2021-24425 entry concerns the WordPress plugin MyStickymenu (myStickymenu) prior to version 2.5.2. The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) flaw in the Bar Text settings due to insufficient sanitization/escaping, which can be triggered by privileged users an...
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin MyStickymenu, which stems from t...
myStickymenu < 2.5.2 - Authenticated Stored XSS
The plugin does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front pages of the blog when the Welcome bar is active. Put...
myStickymenu < 2.5.2 - Authenticated Stored XSS
The plugin does not sanitise or escape its Bar Text settings, allowing high privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front pages of the blog when the Welcome bar is active. PoC...