Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs – My Sticky Elements 2.1.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: July 3, 2023

The All-in-one Floating Contact Form plugin for WordPress is insecure in versions up to 2.1.1. This vulnerability allows people with administrator-level access to inject malicious scripts into pages on the website. If someone visits one of these pages, the malicious script will run. This only affects websites with multiple sites or have disabled a certain security feature.

Detected in:

All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs – My Sticky Elements fixed vulnerable versions: >= * <= 2.1.1
All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.