PLUGIN SECURITY
Is Mystickymenu safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Mystickymenu WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
mystickymenu - Max supported PHP (analyzed): 8.4
Known vulnerabilities
- My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) [mystickymenu] < 2.5.2 [CVE-2021-24425, myStickymenu <= 2.5.1 - Authenticated Stored Cross-Site Scripting, myStickymenu < 2.5.2 - Authenticated Stored XSS]
- My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) [mystickymenu] < 2.6.5 [CVE-2023-5509, myStickymenu <= 2.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Lead Deletion, myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion]
- My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) [mystickymenu] < 2.6.7 [CVE-2023-7048, My Sticky Bar <= 2.6.6 - Cross-Site Request Forgery to Sensitive Information Exposure, WordPress My Sticky Bar Plugin <= 2.6.6 is vulnerable to Cross Site Request Forgery (CSRF), My Sticky Bar < 2.6.7 - CSV Export via CSRF to Sensitive Information Disclosure]
- My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) [mystickymenu] < 2.6.8 [My Sticky Bar < 2.6.8 - Admin+ Stored XSS, My Sticky Bar < 2.6.8 - Admin+ Stored XSS, WordPress My Sticky Bar Plugin < 2.6.8 is vulnerable to Cross Site Scripting (XSS), My Sticky Bar <= 2.6.7 - Authenticated (Admin+) Stored Cross-Site Scripting, EUVD-2024-27592]
- My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) [mystickymenu] < 2.7.2 [CVE-2024-4090, WordPress My Sticky Bar Plugin < 2.7.2 is vulnerable to Cross Site Scripting (XSS), My Sticky Bar (formerly myStickymenu) <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting]
+ 2 more known vulnerabilities
- My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) [mystickymenu] < 2.7.3 [CVE-2024-7133, WordPress My Sticky Bar Plugin < 2.7.3 is vulnerable to Cross Site Scripting (XSS), My Sticky Bar <= 2.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting]
- My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) [mystickymenu] < 2.8.7 [CVE-2026-3657, My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- WPFront Notification Bar — 50000+ active installs — max PHP 8.4
- NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar — 40000+ active installs — max PHP <8.0
- Top Bar — 10000+ active installs — max PHP 8.4
- WP Notification Bars — 10000+ active installs
- Announcer – Sticky Message Banner & Notification Bar — 10000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.