CVE-2025-24720 — Cross-Site Request Forgery in Sticky Buttons

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 76.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wow-company Sticky Buttons

Timeline

PublishedJan 24

Description

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1.

Affected Packages1 packages

▶CVEListV5wow-company/sticky_buttons4.1.1

🔴Vulnerability Details

GHSA

GHSA-jfgp-w7cm-f72g: Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery↗2025-01-24

▶

CVEList

WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability↗2025-01-24

▶