CVE Details
Basic Information
| Title | Zen Sticky Social <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
|---|---|
| Type | cve |
| Published | 2025-06-14T08:23:24.260Z |
| Last Seen |
Product Information
| Vendor | bogdanding |
|---|---|
| Product | Zen Sticky Social |
| Version | * |
CVSS Information
| Base Score | 6.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery, allowing attackers to update settings and inject malicious scripts by tricking an administrator into clicking a link. The vulnerability affects all versions up to and including 0.3. |
|---|---|
| AI Severity | Medium |
| Vendor | bogdanding |
| Product | Zen Sticky Social |
| Affected Version | 0.3 |
Affected Products
- bogdanding Zen Sticky Social *
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-352 |
| Bulletin Family |
References
Description
The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on the ‘zen-social-sticky/zen-sticky-social.php’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.