Medium severity5.4NVD Advisory· Published Aug 22, 2022· Updated Jun 17, 2026
CVE-2022-2375
CVE-2022-2375
Description
The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Sticky Button plugindescription
- Range: <1.4.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/caab1fca-cc6b-45bb-bd0d-f857edd8bb81nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.