CVE-2025-14428 - My Sticky Elements <= 2.3.3 - missing authorization to authenticated (subscriber...

CVE ID : CVE-2025-14428 Published : Jan. 1, 2026, 5:15 p.m. | 23 minutes ago Description : The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'my_sticky_elements_bulks' function in all versions up to, and including, 2.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all contact form leads stored by the plugin. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor