What the vulnerability does
01Description
Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through <= 2.3.3.
Explanation of Vulnerability in Simple Terms
02Summary
My Sticky Elements through version 2.3.3 fails to properly check user permissions before allowing certain actions. A logged-in user with low privileges can trigger a denial-of-service condition affecting site availability. The vulnerability requires valid site access but no special interaction from other users.
What an attacker can do
03Attacker Capabilities
A logged-in user can disrupt site availability by triggering a denial-of-service condition.
Potential impact on your site
04Site Impact
Site availability may be disrupted by low-privilege users performing unauthorized actions.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06Disclosure timeline
December 30, 2025
CVE published
April 28, 2026
Record updated