First published: Mon Nov 20 2023(Updated: )
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.
|Affected Software||Affected Version||How to fix|
The vulnerability ID for this issue is CVE-2023-5509.
The severity of CVE-2023-5509 is medium, with a severity keyword of 'medium' and a severity value of 5.4.
The myStickymenu WordPress plugin before version 2.6.5 is affected by CVE-2023-5509.
CVE-2023-5509 allows any logged-in user to perform unauthorized actions, such as deleting arbitrary form leads, due to inadequate authorization of some ajax calls.
The fix for CVE-2023-5509 is to update the myStickymenu plugin to version 2.6.5 or later.