← Back

My Sticky Elements

my_sticky_elements

Vendor: Premio • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-3248
1Premio
1My Sticky Elements
Apr 23, 2025
Jul 24, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev...Show more
The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2023-0487
1Premio
1My Sticky Elements
Mar 10, 2025
Feb 27, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege u...Show more
The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as adminShow less