A17Lab Wpstickybar vulnerabilities
2 known vulnerabilities affecting a17lab/wpstickybar.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-5765P1CRITICALCVSS 9.8PoC≤ 2.1.02024-07-30
CVE-2024-5765 [CRITICAL] CWE-89 CVE-2024-5765: The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter be
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
nvd
CVE-2024-6226P4MEDIUMCVSS 6.1≤ 2.1.02024-07-30
CVE-2024-6226 [MEDIUM] CWE-79 CVE-2024-6226: The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outp
The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
nvd