CVE-2025-68995
WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Gal Dubinski My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through <= 2.3.3.
We have discovered 5,057 live websites that are affected by CVE-2025-68995.
Affected Software
| Product |  Mystickyelements |
| Category | Wordpress Plugins |
| Vulnerable Domains | 5,057 live websites (74% of Mystickyelements install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 60 versions ( 98% of all versions) |
Details
- Published - Dec 30, 2025
- Updated - Jan 20, 2026
Credits
- daroo | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-68995 United States | 909 websites |
 India | 710 websites |
 Germany | 532 websites |
 Turkey | 293 websites |
 Poland | 202 websites |
 GB | 196 websites |
 France | 173 websites |
 Cyprus | 153 websites |
 Italy | 135 websites |
 Romania | 111 websites |
Website Distribution by TLD
Number of websites using CVE-2025-68995| .com | 2,389 websites |
| .de | 279 websites |
| .pl | 159 websites |
| .org | 116 websites |
| .co.uk | 103 websites |
| .net | 91 websites |
| .ru | 89 websites |
| .it | 86 websites |
| .fr | 69 websites |
| .com.au | 60 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-68995
Top websites that are affected by CVE-2025-68995. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.**.cy | United States | **,*** | |
| ************.com | United States | **,*** | |
| *************************.com | GB | ***,*** | |
| *************.net | United States | ***,*** | |
| *****.com | Germany | ***,*** | |
| ***********************.in | India | ***,*** | |
| *******.pt |  Portugal | ***,*** | |
| ***********.***.tr | Turkey | ***,*** | |
| *************.com | India | ***,*** | |
| *******.com | France | ***,*** |
FAQ
A total of 5,057 websites have been identified as vulnerable to CVE-2025-68995, based on global website indexing conducted by WebTechSurvey.
The Mystickyelements is affected by the CVE-2025-68995 vulnerability.
Mystickyelements versions up to and including 2.3.3 are vulnerable to CVE-2025-68995.