My Sticky Bar

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-3657	WordPress My Sticky Bar	Hig	0.49	7.5	0.00		Mar 12, 2026	The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in…
CVE-2023-7048	WordPress My Sticky Bar	Low	0.13	3.1	0.00		Jan 11, 2024	The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger…

CVE-2026-3657HigMar 12, 2026
WordPress
My Sticky Bar
risk 0.49cvss 7.5epss 0.00
The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in…
CVE-2023-7048LowJan 11, 2024
WordPress
My Sticky Bar
risk 0.13cvss 3.1epss 0.00
The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger…