CVE-2025-8152 WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatectastatus' and 'changestickysidebarname' functions in all versions up to, and including, 1.7.0. This makes it...

PT-2025-31726 · WordPress · Sticky Buttons +2

Name of the Vulnerable Software and Affected Versions: WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons versions prior to 1.7.1 Description: The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is susceptible to unauthorized data modification due to a...