Medium severity6.1NVD Advisory· Published Jun 20, 2023· Updated Jun 17, 2026
CVE-2023-3320
CVE-2023-3320
Description
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.0.1
- musilda/WP Sticky Socialv5Range: 1.0.1
Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/changesetnvdPatch
- packetstormsecurity.com/files/173048/WordPress-WP-Sticky-Social-1.0.1-CSRF-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.wordfence.com/threat-intel/vulnerabilities/id/a272e12b-97a2-421a-a703-3acce2ed8313nvdThird Party Advisory
News mentions
0No linked articles in our index yet.