Medium 6.5
2026-03-05< 2.1.3
CVE-2026-22459
WP CTA – Call Now Button, Sticky Button & Call to Action Builder
Minimum safe version
2.1.3
Update to 2.1.3 or later to address 5 fixable vulnerabilities
Latest available2.3.0 ✓
Medium 5.3
2025-08-02< 1.7.1
WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update
Medium 4.3
2025-06-27< 1.7.1
CVE-2025-53270
Medium 6.5
2025-01-02< 1.5.9
CVE-2023-46644
N/A
2023-09-04< 1.5.9
WordPress WordPress CTA Plugin <= 1.5.6 is vulnerable to Cross Site Request Forgery (CSRF)