Easy Sticky Sidebar

Source repositories

CVE	Sev	Risk	CVSS	Published	Description
CVE-2023-46644	Med	0.42	6.5	Jan 2, 2025	Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.
CVE-2025-8152	Med	0.34	5.3	Aug 2, 2025	The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.
CVE-2025-53270	Med	0.28	4.3	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Cross Site Request Forgery.This issue affects WordPress CTA: from n/a through <= 1.7.0.

CVE-2023-46644MedJan 2, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.
CVE-2025-8152MedAug 2, 2025
risk 0.34cvss 5.3epss 0.00
The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.
CVE-2025-53270MedJun 27, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Cross Site Request Forgery.This issue affects WordPress CTA: from n/a through <= 1.7.0.