PT-2022-16248 · WordPress · Wp Sticky Button

Krzysztof Zając · Published 2022-08-22 · Updated 2022-08-25 · CVE-2022-2375

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WP Sticky Button WordPress plugin versions prior to 1.4.1

Description: The issue concerns a lack of authorization and CSRF checks when saving settings, allowing unauthenticated users to update them. This could also lead to Stored Cross-Site Scripting issues due to the lack of escaping in some settings.

Recommendations: For WP Sticky Button WordPress plugin versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to prevent unauthenticated updates until the patch is applied.
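The three defects the description names (no authorization check, no CSRF check, no escaping of a stored setting) are a common pattern in WordPress plugins. The following is an added, generic illustration written for this page; it is not the Wp Sticky Button plugin's code, and every function name, hook, option key and form field (`demo_*`) is hypothetical. It shows the weak handler first and then the hardened version that a maintainer would ship in a fix.

```php
<?php
/*
 * Added illustration, not the plugin's own code. All names (demo_*) and the
 * option key 'demo_button_text' are hypothetical.
 */

// --- Weak pattern: saves an option with no capability check, no nonce,
//     and echoes it back without escaping --------------------------------
function demo_weak_save_settings() {
    if ( isset( $_POST['demo_button_text'] ) ) {
        // Runs on 'init' for every request, authenticated or not, so any
        // visitor who submits this field overwrites the stored setting.
        update_option( 'demo_button_text', $_POST['demo_button_text'] );
    }
}
add_action( 'init', 'demo_weak_save_settings' );

function demo_weak_render_button() {
    // Raw option value goes straight into the page: if it contains markup,
    // that markup executes for every visitor (stored XSS).
    echo '<a class="demo-sticky">' . get_option( 'demo_button_text' ) . '</a>';
}

// --- Hardened pattern --------------------------------------------------
function demo_safe_save_settings() {
    if ( ! isset( $_POST['demo_save'] ) ) {
        return;
    }
    // 1. Authorization: only users who may manage options can save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to change these settings.', 'demo' ),
            '',
            array( 'response' => 403 )
        );
    }
    // 2. CSRF: the request must carry a valid nonce bound to this action;
    //    check_admin_referer() dies with a 403 if it is missing or invalid.
    check_admin_referer( 'demo_save_settings', 'demo_nonce' );

    // 3. Sanitize on input so the stored value cannot carry markup.
    $text = isset( $_POST['demo_button_text'] )
        ? sanitize_text_field( wp_unslash( $_POST['demo_button_text'] ) )
        : '';
    update_option( 'demo_button_text', $text );
}
// 'admin_init' narrows exposure to admin-side requests, but the capability
// check above is still what actually enforces authorization.
add_action( 'admin_init', 'demo_safe_save_settings' );

function demo_safe_render_button() {
    // 4. Escape on output regardless of what was sanitized on input.
    echo '<a class="demo-sticky">' . esc_html( get_option( 'demo_button_text', '' ) ) . '</a>';
}

function demo_safe_render_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'demo_save_settings', 'demo_nonce' ); ?>
        <input type="text" name="demo_button_text"
               value="<?php echo esc_attr( get_option( 'demo_button_text', '' ) ); ?>">
        <input type="submit" name="demo_save" value="Save">
    </form>
    <?php
}
```

Each of the four numbered steps maps to one line of the advisory: the capability check closes the missing-authorization gap, the nonce closes the CSRF gap, and sanitizing on input plus escaping on output (`esc_html` in text context, `esc_attr` inside an attribute) closes the stored XSS path. When reviewing a plugin fix for this class of issue, confirm that the nonce check is not used as a substitute for the capability check; the two guard against different things.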

Tags: XSS · CSRF

Weakness Enumeration

Related Identifiers: CVE-2022-2375

Affected Products: Wp Sticky Button