Denial of Service Vulnerability in Sticky Notes & Color Widgets by WordPress
CVE-2021-47972

8.7HIGH

Key Information:

Vendor: Sticky-notes-color-widgets
Status: Sticky Notes Color Widgets
Vendor: CVE Published:; 16 May 2026

🔔 Create Sticky-notes-color-widgets Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-47972?

The Sticky Notes & Color Widgets plugin version 1.4.2 has a denial of service vulnerability that can be exploited by attackers to crash the application. This is achieved by creating notes with excessively long character strings, where attackers may insert large payloads of repeated characters into note fields. As a result, the application can become unresponsive, disrupting user access and functionality.

Affected Version(s)

Sticky Notes Color Widgets 1.4.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47972 - Proof of Concept

References

https://www.exploit-db.com/exploits/49957

exploit

https://www.vulncheck.com/advisories/sticky-notes-color-w...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 16, 2026
👾
Exploit known to exist
May 16, 2026
Vulnerability published
May 16, 2026
Vulnerability Reserved
May 16, 2026

Credit

Geovanni Ruiz

CVE-2021-47972 Data

JSON