Description
Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Sticky Elements: from n/a through <= 2.3.3.
Published: 2025-12-30
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing authorization in Premio My Sticky Elements allows an attacker to bypass access control security levels integrated within the plugin. This flaw can enable an unauthorized user to view or modify content, settings, or other privileged information that is otherwise restricted to authenticated administrators, potentially leading to data exposure or manipulation of website behavior.

Affected Systems

The vulnerability affects the My Sticky Elements plugin, distributed by Premio, in all versions from first release through 2.3.3. Users running any of these versions on WordPress sites are potentially exposed.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, while an EPSS of less than 1% suggests a low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is typical of web-based plugins: an authenticated user with elevated privileges or an attacker who has compromised credentials could exploit incorrectly configured access controls to gain unauthorized access to protected functionality.

Generated by OpenCVE AI on April 29, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the My Sticky Elements plugin to a version later than 2.3.3 when available.
  • Configure the plugin to allow only administrator roles to access its management interfaces and restrict all other roles.
  • Disable or remove the plugin entirely if it is not required for site functionality.
  • Monitor site logs for anomalous access attempts to the plugin’s administrative interfaces.



Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in Gal Dubinski My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Sticky Elements: from n/a through <= 2.3.3.
Values Added: Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Sticky Elements: from n/a through <= 2.3.3.

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Mon, 05 Jan 2026 10:45:00 +0000

Type: First Time appeared
Values Added:
Wordpress
Wordpress wordpress

Type: Vendors & Products
Values Added:
Wordpress
Wordpress wordpress

Tue, 30 Dec 2025 16:15:00 +0000

Type: Metrics
Values Added:
cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Dec 2025 11:00:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in Gal Dubinski My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Sticky Elements: from n/a through <= 2.3.3.

Type: Title
Values Added: WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:33.810Z

Reserved: 2025-12-29T11:18:13.436Z

Link: CVE-2025-68995

Vulnrichment

Updated: 2025-12-30T15:31:29.759Z

NVD

Status: Deferred

Published: 2025-12-30T11:15:58.317

Modified: 2026-04-27T19:16:40.743

Link: CVE-2025-68995

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T18:30:17Z

Weaknesses