Medium severity5.3NVD Advisory· Published Aug 2, 2025· Updated Jun 17, 2026
CVE-2025-8152
CVE-2025-8152
Description
The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.7.0
- Range: <=1.7.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.