← Back

Mystickymenu

mystickymenu

Vendor: Premio • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-5509
1Premio
1Mystickymenu
Nov 21, 2024
Nov 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.
CVE-2021-24425
1Premio
1Mystickymenu
Nov 21, 2024
Aug 2, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use...Show more
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active)Show less