CVE-2022-0148

Name of the Vulnerable Software and Affected Versions The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin versions prior to 2.0.4

Description The issue is related to a reflected XSS vulnerability on the my-sticky-elements-leads admin page. This vulnerability can be exploited by a remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the lack of protection measures for the web page structure.

Recommendations For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the my-sticky-elements-leads admin page until the update is applied.