Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu) 2.6.4

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 27, 2023

My Sticky Bar (formerly myStickymenu) is a plugin for WordPress that adds features such as a Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header. Unfortunately, all versions up to and including 2.6.4 are vulnerable to unauthorized modification of data. This means that if someone with subscriber-level access or above is able to gain access to the system, they can delete form leads without permission. Additionally, there are several AJAX actions in the plugin with missing capability checks, such as mystickymenu_admin_send_message_to_owner(), stickymenu_widget_delete(), mystickymenu_widget_status(), which can also be used to perform unauthorized actions.

Detected in:

Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu) fixed vulnerable versions:
My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.