CVE-2023-5509

Summary

The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.

Affected Software

VendorProductVersion RangeStatus
UnknownFloating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme0 < 2.6.5affected

Weaknesses

  • CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References