WpStickyBar <= 2.1.0 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2024-5765 info: name: WpStickyBar = 2.1.0 - SQL Injection author: theamanrawat severity: high description: | Th...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-6226

The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress WpStickyBar plugin <= 2.1.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WpStickyBar versions = 2.1.0...

WordPress WpStickyBar plugin <= 2.1.0 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin WpStickyBar versions = 2.1.0...

CVE-2024-6226

The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-6226

The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-5765

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-6226

CVE-2024-6226 relates to the WpStickyBar WordPress plugin (versions up to 2.1.0). It describes a reflected XSS flaw where a user-supplied parameter is not properly sanitized/escaped before being echoed on a page. The impact is described as allowing an attacker to target high-privilege users (e.g....

CVE-2024-5765 WpStickyBar <= 2.1.0 - Unauthenticated SQLi

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-5765 WpStickyBar <= 2.1.0 - Unauthenticated SQLi

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2024-5765

CVE-2024-5765 affects WpStickyBar

WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software WpStickyBar Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6226 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ad3f0b1cf19 Credits Bob Matyas Required...

WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to SQL Injection

Software WpStickyBar Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5765 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 003d2dbb7aa7 Credits Project Black Required privilege Unauthenticated...

PT-2024-37466 · WordPress · Wpstickybar

Name of the Vulnerable Software and Affected Versions: WpStickyBar WordPress plugin versions prior to 2.1.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...

WordPress plugin WpStickyBar SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin WpStickyBar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37132 · WordPress · Wpstickybar

Name of the Vulnerable Software and Affected Versions: WpStickyBar WordPress plugin versions prior to 2.1.1 Description: The issue arises from the improper sanitization and escaping of a parameter before its use in a SQL statement via an AJAX action. This AJAX action is available to unauthenticat...