premio CVE Vulnerabilities & Metrics

Focus on premio vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About premio Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with premio. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total premio CVEs: 13
Earliest CVE date: 02 Aug 2021, 11:15 UTC
Latest CVE date: 13 Sep 2024, 06:15 UTC

Latest CVE reference: CVE-2024-7133

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -66.67%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -66.67%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical premio CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.14

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	12
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS premio CVEs

These are the five CVEs with the highest CVSS scores for premio, sorted by severity first and recency.

CVE-2021-25016 premio Published on 03 Jan 2022, 13:15 UTC (CVSS: 4.3)
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-36846 premio Published on 11 Apr 2022, 20:15 UTC (CVSS: 3.5)
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3
CVE-2022-0148 premio Published on 07 Feb 2022, 16:16 UTC (CVSS: 3.5)
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
CVE-2021-24425 premio Published on 02 Aug 2021, 11:15 UTC (CVSS: 3.5)
The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welc...
CVE-2024-7133 premio Published on 13 Sep 2024, 06:15 UTC (CVSS: 0)
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.

All CVEs for premio

CVE-2024-7133 premio vulnerability CVSS: 0 13 Sep 2024, 06:15 UTC

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.

CVE-2024-4149 premio vulnerability CVSS: 0 13 Jun 2024, 06:15 UTC

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-7048 premio vulnerability CVSS: 0 11 Jan 2024, 09:15 UTC

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a CSV file containing contact leads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Because the CSV file is exported to a public location, it can be downloaded during a very short window of time before it is automatically deleted by the export function.

CVE-2023-40204 premio vulnerability CVSS: 0 20 Dec 2023, 19:15 UTC

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2.

CVE-2023-47759 premio vulnerability CVSS: 0 22 Nov 2023, 20:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty plugin <= 3.1.2 versions.

CVE-2023-5509 premio vulnerability CVSS: 0 20 Nov 2023, 19:15 UTC

The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.

CVE-2023-25019 premio vulnerability CVSS: 0 30 Aug 2023, 12:15 UTC

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <= 3.0.9 versions

CVE-2023-3245 premio vulnerability CVSS: 0 17 Jul 2023, 14:15 UTC

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-3858 premio vulnerability CVSS: 0 05 Dec 2022, 17:15 UTC

The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.

CVE-2021-36846 premio vulnerability CVSS: 3.5 11 Apr 2022, 20:15 UTC

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3

CVE-2022-0148 premio vulnerability CVSS: 3.5 07 Feb 2022, 16:16 UTC

The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.

CVE-2021-25016 premio vulnerability CVSS: 4.3 03 Jan 2022, 13:15 UTC

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting

CVE-2021-24425 premio vulnerability CVSS: 3.5 02 Aug 2021, 11:15 UTC

The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight privilege users to use malicious JavaScript in it, leading to a Stored Cross-Site Scripting issue, which will be triggered in the plugin's setting, as well as all front-page of the blog (when the Welcome bar is active)