CVE-2022-0148
MEDIUM NUCLEIMystickyElements < 2.0.4 - Reflected Cross-Site Scripting on Admin Page
Title source: llmExploitation Summary
CVE-2022-0148 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
Nuclei Templates (1)
WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting
MEDIUMby DhiyaneshDK
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/37665ee1-c57f-4445-9596-df4f7d72c8cd
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2654453/mystickyelements
Scores
CVSS v3
5.4
EPSS
0.0157
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
premio/mystickyelements
< 2.0.4
Published
Feb 07, 2022
Tracked Since
Feb 18, 2026