WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Mystickymenu safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Mystickymenu WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: mystickymenu
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • My Sticky Bar &#8211; Floating Notification Bar &amp; Sticky Header (formerly myStickymenu) [mystickymenu] < 2.5.2 [CVE-2021-24425, myStickymenu <= 2.5.1 - Authenticated Stored Cross-Site Scripting, myStickymenu &lt; 2.5.2 - Authenticated Stored XSS]
  • My Sticky Bar &#8211; Floating Notification Bar &amp; Sticky Header (formerly myStickymenu) [mystickymenu] < 2.6.5 [CVE-2023-5509, myStickymenu <= 2.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Lead Deletion, myStickymenu &lt; 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion]
  • My Sticky Bar &#8211; Floating Notification Bar &amp; Sticky Header (formerly myStickymenu) [mystickymenu] < 2.6.7 [CVE-2023-7048, My Sticky Bar <= 2.6.6 - Cross-Site Request Forgery to Sensitive Information Exposure, WordPress My Sticky Bar Plugin <= 2.6.6 is vulnerable to Cross Site Request Forgery (CSRF), My Sticky Bar &lt; 2.6.7 - CSV Export via CSRF to Sensitive Information Disclosure]
  • My Sticky Bar &#8211; Floating Notification Bar &amp; Sticky Header (formerly myStickymenu) [mystickymenu] < 2.6.8 [My Sticky Bar < 2.6.8 - Admin+ Stored XSS, My Sticky Bar &lt; 2.6.8 - Admin+ Stored XSS, WordPress My Sticky Bar Plugin < 2.6.8 is vulnerable to Cross Site Scripting (XSS), My Sticky Bar <= 2.6.7 - Authenticated (Admin+) Stored Cross-Site Scripting, EUVD-2024-27592]
  • My Sticky Bar &#8211; Floating Notification Bar &amp; Sticky Header (formerly myStickymenu) [mystickymenu] < 2.7.2 [CVE-2024-4090, WordPress My Sticky Bar Plugin < 2.7.2 is vulnerable to Cross Site Scripting (XSS), My Sticky Bar (formerly myStickymenu) <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting]
+ 2 more known vulnerabilities
  • My Sticky Bar &#8211; Floating Notification Bar &amp; Sticky Header (formerly myStickymenu) [mystickymenu] < 2.7.3 [CVE-2024-7133, WordPress My Sticky Bar Plugin < 2.7.3 is vulnerable to Cross Site Scripting (XSS), My Sticky Bar <= 2.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting]
  • My Sticky Bar &#8211; Floating Notification Bar &amp; Sticky Header (formerly myStickymenu) [mystickymenu] < 2.8.7 [CVE-2026-3657, My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.