WordPress Plugin Vulnerabilities

Simple Sticky Add To Cart For WooCommerce <= 1.4.9 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
sticky-add-to-cart-woo
No known fix

References

CVE
CVE-2025-31854
URL
https://patchstack.com/database/wordpress/plugin/sticky-add-to-cart-woo/vulnerability/wordpress-simple-sticky-add-to-cart-for-woocommerce-plugin-1-4-5-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
theviper17y
Verified
No
WPVDB ID
9cce0cd6-89ea-4f58-a2ba-6d671b5fad88

Timeline

Publicly Published
2025-04-01 (about 11 months ago)
Added
2025-04-08 (about 11 months ago)
Last Updated
2026-01-29 (about 1 month ago)

Other

Published
Title
Published
2025-03-25
Title
BWL Advanced FAQ Manager < 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
Published
2022-11-09
Title
WPML < 4.5.11 - Subscriber+ Settings Update
Published
2023-03-10
Title
RapidLoad Power-Up for Autoptimize < 1.7.2 - Multiple Subscriber+ Unauthorised AJAX Calls
Published
2026-01-15
Title
All in One SEO < 4.9.3 - Contributor+ AI Access Token and Credit Disclosure
Published
2022-02-02
Title
Wordpress Download Manager < 3.2.35 - Sensitive Information Disclosure