What the vulnerability does
01 Description
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through <= 1.1.1.
Explanation of Vulnerability in Simple Terms
02 Summary
The Experto CTA Widget plugin for WordPress fails to properly check user permissions before allowing modifications to call-to-action settings. An unauthenticated attacker can modify widget configuration over the network without needing to log in or interact with a site administrator. This affects all versions up to 1.1.1.
What an attacker can do
03 Attacker Capabilities
Modify call-to-action widget settings and content without authentication.
Potential impact on your site
04 Site Impact
Attackers can deface or redirect your CTA buttons and floating elements without your knowledge or permission.
Conditions required to exploit
05 Prerequisites
Network access to the WordPress site; no login or user interaction required.
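To check whether a site carries an affected copy, the following added example (not code from the plugin or from this advisory's publisher) reads the version from the plugin header under `wp-content/plugins/experto-cta-widget` and compares it with the stated upper bound of 1.1.1. It assumes the standard WordPress plugin directory layout and a `sort` that supports `-V`; the advisory names no fixed version, so the result reflects only the stated range.

```shell
#!/bin/sh
# Added example: report whether an installed experto-cta-widget copy falls in
# the affected range (<= 1.1.1) stated in the advisory.

AFFECTED_MAX="1.1.1"              # upper bound taken from the advisory
PLUGIN_SLUG="experto-cta-widget"  # plugin slug taken from the advisory

# Print the "Version:" value from the first PHP file in the plugin directory
# that carries a WordPress plugin header (main file name is not assumed).
plugin_version() {
    dir="$1"
    for f in "$dir"/*.php; do
        [ -f "$f" ] || continue
        # The header sits in a comment near the top of the main plugin file.
        v=$(head -n 40 "$f" |
            sed -n 's|^[[:space:]*#/]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*|\1|p' |
            head -n 1)
        if [ -n "$v" ]; then
            printf '%s\n' "$v"
            return 0
        fi
    done
    return 1
}

# Succeed when $1 <= $2 under version ordering, so 1.10.0 is not <= 1.1.1
# (a plain string comparison would get that case wrong).
version_le() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Echo "affected <ver>", "not-affected <ver>", "not-installed" or "unknown".
check_site() {
    dir="$1/wp-content/plugins/$PLUGIN_SLUG"
    [ -d "$dir" ] || { echo "not-installed"; return 0; }
    ver=$(plugin_version "$dir") || { echo "unknown"; return 0; }
    if version_le "$ver" "$AFFECTED_MAX"; then
        echo "affected $ver"
    else
        echo "not-affected $ver"
    fi
}

# Usage: sh check.sh /path/to/wordpress/root
if [ "$#" -ge 1 ]; then check_site "$1"; fi
```

An "unknown" result means the directory exists but no version header was found and the copy should be inspected by hand.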
Key dates
06 Disclosure timeline
May 23, 2025: CVE published
April 28, 2026: Record updated