Sticky Menu, Sticky Header (or anything!) on Scroll < 2.21 – CSRF & XSS

Affects Plugins

sticky-menu-or-anything-on-scroll

Fixed in 2.21

References

URL

https://blog.sucuri.net/2020/09/reflected-xss-in-wordpress-plugin-admin-pages.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Antony Garand (Sucuri)

Verified

No

WPVDB ID

cd104516-23cc-43e4-a9c6-11260baf36fb

Timeline

Publicly Published

2020-09-09 (about 5 years ago)

Added

2020-09-09 (about 5 years ago)

Last Updated

2020-09-10 (about 5 years ago)

Other

Published

Title

Published

2025-02-17

Title

Active Products Tables for WooCommerce. Use constructor to create tables < 1.0.6.7 - Reflected Cross-Site Scripting

Published

2024-02-28

Title

System Dashboard < 2.8.10 - XSS via Header Injection

Published

2025-02-04

Title

WP Pricing Table <= 1.1 - Reflected XSS

Published

2022-02-02

Title

Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting

Published

2024-07-11

Title

Master Addons for Elementor < 2.0.6.3 - Authenticated (Author+) Stored Cross-Site Scripting