VYPR

Sticky Buttons

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-3475HigMay 2, 2024
    risk 0.49cvss 7.5epss 0.00

    The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

  • CVE-2025-24720MedJan 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1.

  • CVE-2024-0703MedJan 23, 2024
    risk 0.29cvss 4.4epss 0.00

    The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…