| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-27356 | WordPress Sticky Header On Scroll plugin <= 1.0 - Broken Access Control vulnerability | Hardik | Sticky Header On Scroll | Medium | 5.4 | 2025-02-24 14:49:27 | Deep Dive |
| CVE-2025-24720 | WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | Wow-Company | Sticky Buttons | Medium | 5.4 | 2025-01-24 17:25:05 | Deep Dive |
| CVE-2025-23839 | WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | Asif Shakeel | Sticky Button | High | 7.1 | 2025-01-24 10:52:57 | Deep Dive |
| CVE-2023-51362 | WordPress myStickyElements plugin <= 2.1.3 - Broken Access Control vulnerability | Premio | My Sticky Elements | 中危 | - | 2024-12-09 11:29:47 | Deep Dive |
| CVE-2024-10551 | Sticky Social Icons <= 1.2.1 - Admin+ Stored XSS | Unknown | Sticky Social Icons | 中危 | - | 2024-12-06 06:00:08 | Deep Dive |
| CVE-2024-52491 | WordPress Sticky Social Icons plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability | Sanil Shakya | Sticky Social Icons | Medium | 5.9 | 2024-12-02 13:48:54 | Deep Dive |
| CVE-2024-10803 | MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download | FWDesign | MP3 Sticky Player | High | 7.5 | 2024-11-23 07:38:05 | Deep Dive |
| CVE-2024-11428 | Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | aishan | Lazy load videos and sticky control | Medium | 6.4 | 2024-11-21 02:06:29 | Deep Dive |
| CVE-2024-51631 | WordPress Sticky Social Bar plugin <= 2.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | Md Eftakhairul Islam | Sticky Social Bar | High | 7.1 | 2024-11-19 16:32:31 | Deep Dive |
| CVE-2024-51699 | WordPress Buooy Sticky Header plugin <= 0.5.2 - Reflected Cross Site Scripting (XSS) vulnerability | Buooy | Buooy Sticky Header | High | 7.1 | 2024-11-09 12:36:19 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-7133 | My Sticky Bar < 2.7.3 - Admin+ Stored XSS | Unknown | Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme | - | - | 2024-09-13 06:00:04 | Deep Dive |
| CVE-2024-4090 | My Sticky Bar < 2.7.2 - Admin+ Stored XSS | Unknown | Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme | - | - | 2024-08-01 06:00:05 | Deep Dive |
| CVE-2023-40672 | WordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerability | Hardik Chavada | Sticky Social Media Icons | Medium | 5.4 | 2024-06-12 09:36:29 | Deep Dive |
| CVE-2024-35170 | WordPress Sticky banner plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | Hidden Depth | Sticky banner | Medium | 5.9 | 2024-05-13 10:00:31 | Deep Dive |
| CVE-2024-34546 | WordPress Sticky Social Link plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | Habibur Rahman | Sticky Social Link | Medium | 5.9 | 2024-05-08 11:33:16 | Deep Dive |
| CVE-2024-3475 | Sticky Buttons < 3.2.4 - Button Deletion via CSRF | Unknown | Sticky Buttons | 中危 | - | 2024-05-02 06:00:03 | Deep Dive |
| CVE-2024-33646 | WordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerability | Toast Plugins | Sticky Anything | High | 7.1 | 2024-04-29 04:57:12 | Deep Dive |
| CVE-2024-30551 | WordPress Sticky Anything plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability | Toast Plugins | Sticky Anything | High | 7.1 | 2024-03-31 19:56:16 | Deep Dive |
| CVE-2023-51534 | WordPress Brave Popup Builder Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS) | Brave | Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content | Medium | 5.9 | 2024-02-01 10:31:21 | Deep Dive |