CVE-2023-5509 – myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion
https://notcve.org/view.php?id=CVE-2023-5509
27 Oct 2023 — The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some AJAX calls, allowing any logged-in user to perform the actions. The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu) plugin for WordPress is vuln... • https://wpscan.com/vulnerability/3b33c262-e7f0-4310-b26d-4727d7c25c9d • CWE-862: Missing Authorization; CWE-863: Incorrect Authorization
CVE-2021-24425 – myStickymenu < 2.5.2 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24425
21 Jun 2021 — The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high-privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's settings, as well as on all front pages of the blog (when the Welcome bar is active). • https://m0ze.ru/vulnerability/%5B2021-05-21%5D-%5BWordPress%5D-%5BCWE-79%5D-MyStickymenu-WordPress-Plugin-v2.5.1.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')