Sticky Buttons
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3475 | Hig | 0.49 | 7.5 | 0.00 | May 2, 2024 | The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | ||
| CVE-2025-24720 | Med | 0.35 | 5.4 | 0.00 | Jan 24, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1. | ||
| CVE-2024-0703 | Med | 0.29 | 4.4 | 0.00 | Jan 23, 2024 | The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… |
- risk 0.49cvss 7.5epss 0.00
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1.
- risk 0.29cvss 4.4epss 0.00
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…