CVE-2021-24425

CVE-2021-24425: myStickymenu < 2.5.2 - Authenticated Stored XSS

Vendor Unknown
Product Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu
Weakness CWE-79 · XSS
Published August 2, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active)

Key dates

02Disclosure timeline

August 2, 2021 CVE published
August 3, 2024 Record updated