CVE-2025-23839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through = 1.0...

EUVD-2025-3468

Malicious code in bioql PyPI...

CVE-2022-2375

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

CVE-2025-23839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through = 1.0...

CVE-2025-23839

CVE-2025-23839 is a Stored XSS vulnerability affecting the WordPress Sticky Button plugin, specifically the NotFound Sticky Button variant, with versions n/a through 1.0. The issue stems from improper input neutralization during web page generation, enabling stored cross-site scripting as describ...

CVE-2025-23839 WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through = 1.0...

CVE-2025-23839 WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through = 1.0...

WordPress plugin Sticky Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

PT-2025-5136 · Unknown · Notfound Sticky Button

Name of the Vulnerable Software and Affected Versions: NotFound Sticky Button versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can...

WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Sticky Button versions = 1.0...

CVE-2022-2375

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

CVE-2022-2375

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

CVE-2022-2375 WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues...

CVE-2022-2375

The CVE-2022-2375 entry corresponds to the WordPress WP Sticky Button plugin versions before 1.4.1, where a lack of authorization/CSRF checks when saving settings allows unauthenticated users to update settings. Some settings are also not escaped, enabling Stored Cross-Site Scripting (XSS) as des...

PT-2022-16248 · WordPress · Wp Sticky Button

Name of the Vulnerable Software and Affected Versions: WP Sticky Button WordPress plugin versions prior to 1.4.1 Description: The issue concerns a lack of authorization and CSRF checks when saving settings, allowing unauthenticated users to update them. This could also lead to Stored Cross-Site...

WordPress plugin WP Sticky Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues fetch"/wp-admin/admin-ajax.php", "headers": "content-type":...

WordPress WP Sticky Button plugin <= 1.4.0 - Unauthenticated Arbitrary Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)

Unauthenticated Arbitrary Settings Update vulnerability leading to Stored Cross-Site Scripting XSS discovered by Krzysztof Zając in WordPress WP Sticky Button plugin versions = 1.4.0. Solution Update the WordPress WP Sticky Button – Click to Chat plugin to the latest available version at least...