Unauthorized Data Modification in WP CTA Plugin for WordPress
CVE-2025-8152

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP Cta
Vendor: CVE Published:; 2 August 2025

What is CVE-2025-8152?

The WP CTA – Call To Action Plugin and related plugins are vulnerable to unauthorized data modification due to a lack of capability checks in critical update functions. This vulnerability affects all versions up to and including 1.7.0, allowing unauthenticated attackers to manipulate the status of 'sticky' elements and alter names displayed in the WordPress dashboard. The absence of proper validation creates opportunities for malicious actions, potentially compromising the integrity of site configurations and user interfaces.

Affected Version(s)

WP CTA * <= 1.7.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/easy-sticky-si...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2025
Vulnerability Reserved
Jul 25, 2025

Credit

Sushi Com Abacate