PT-2025-31726 · WordPress · Wp Cta – Call To Action Plugin+2
Sushi Com Abacate · Published 2025-08-02 · Updated 2025-08-02 · CVE-2025-8152
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons versions prior to 1.7.1
Description
The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check. Specifically, the update cta status and change sticky sidebar name functions lack proper authorization controls. This allows unauthenticated attackers to modify the status of sticky call-to-action buttons and update the name displayed in the WordPress CTA Dashboard.
Recommendations
Update WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons to version 1.7.1 or later.
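The missing capability check described above, shown as an added example that is not the plugin's own code: a WordPress AJAX handler that writes without authorization, next to a hardened form. The `example_*` hook and function names, the `cta_id`, `status` and `nonce` request fields, the `manage_options` capability and the post-meta storage are assumptions made for illustration.

```php
<?php
// Added example. All example_* names, the request fields and the storage
// location are hypothetical; this is not the plugin's source.

// Weak pattern: the nopriv hook exposes the handler to logged-out visitors,
// and the callback writes without checking who is asking.
add_action( 'wp_ajax_nopriv_example_cta_status_weak', 'example_cta_status_weak' );
add_action( 'wp_ajax_example_cta_status_weak', 'example_cta_status_weak' );
function example_cta_status_weak() {
    $id = absint( $_POST['cta_id'] ?? 0 );
    update_post_meta( $id, '_example_cta_status', sanitize_key( $_POST['status'] ?? '' ) );
    wp_send_json_success();
}

// Hardened pattern: registered for logged-in users only (no nopriv hook),
// then nonce check, capability check and input validation before any write.
add_action( 'wp_ajax_example_cta_status', 'example_cta_status' );
function example_cta_status() {
    // CSRF check: the admin page is assumed to emit this nonce with
    // wp_create_nonce( 'example_cta_admin' ) and send it back as "nonce".
    // check_ajax_referer() ends the request with a 403 when it is invalid.
    check_ajax_referer( 'example_cta_admin', 'nonce' );

    // Authorization: being logged in is not enough; require a capability
    // that matches who is allowed to manage CTAs (assumed: administrators).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Validate input against an allow-list before touching stored data.
    $id     = isset( $_POST['cta_id'] ) ? absint( $_POST['cta_id'] ) : 0;
    $status = isset( $_POST['status'] ) ? sanitize_key( wp_unslash( $_POST['status'] ) ) : '';
    if ( 0 === $id || ! in_array( $status, array( 'active', 'inactive' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid request' ), 400 );
    }

    update_post_meta( $id, '_example_cta_status', $status );
    wp_send_json_success( array( 'cta_id' => $id, 'status' => $status ) );
}
```

The rename function named in the description needs the same nonce and capability checks before it writes.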
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Sticky Buttons
Sticky Cta
Wp Cta – Call To Action Plugin