
CVE-2025-8152: CWE-862 Missing Authorization in blendmedia WP CTA

Medium
Tags: Vulnerability, CVE-2025-8152, CWE-862
Published: Sat Aug 02 2025 (08/02/2025, 07:24:21 UTC)
Source: CVE Database V5
Vendor/Project: blendmedia
Product: WP CTA

Description

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.

AI-Powered Analysis

Last updated: 08/10/2025, 00:57:30 UTC

Technical Analysis

CVE-2025-8152 is a medium-severity vulnerability in the WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress, developed by blendmedia. The flaw is a missing authorization check (CWE-862) in two functions, 'update_cta_status' and 'change_sticky_sidebar_name', which update the status of a sticky call-to-action element and the name shown in the plugin's back-end WP CTA Dashboard. Because neither function verifies the caller's capability before writing, an unauthenticated attacker who can reach the request path that triggers them can change a sticky CTA's status and rename a sidebar entry in the admin dashboard, with no privileges and no user interaction.

The impact is limited to integrity: an attacker can switch a sticky CTA on or off (a change visible to site visitors) and alter an administrator-facing label, but cannot read data or take the site down. The CVSS 3.1 base score of 5.3 (medium) reflects exactly that: network attack vector, low attack complexity, no privileges, no user interaction, low integrity impact and no confidentiality or availability impact. All versions up to and including 1.7.0 are affected. No exploitation in the wild was known and no patch had been published at the time of this analysis. Because the request needs no authentication, the flaw lends itself to automated scanning and mass exploitation once details are public; the most likely effect is CTAs being disabled or re-enabled across many sites to disrupt marketing, rather than direct harm to visitors.
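The pattern behind a CWE-862 finding in a WordPress AJAX handler, shown as an added example. This is not the WP CTA plugin's code: the CVE text names the two functions but says nothing about how they are wired up, so the hook registration, the request parameters, the option key 'wpcta_ctas' and the nonce action 'wpcta_cta_status' below are assumptions. The vulnerable form is registered for logged-out visitors and writes without asking who is calling; the hardened form is registered for authenticated requests only and checks capability, then nonce, then input.

```php
<?php
// Added example, not code from the WP CTA plugin. Function name from the CVE
// text; hooks, parameters, option key and nonce action are assumed.

// --- Vulnerable pattern: reachable by anyone, no capability check ------------
// wp_ajax_nopriv_* exposes the callback to logged-out visitors as well, and the
// callback trusts the request without checking who sent it (CWE-862).
add_action('wp_ajax_update_cta_status',        'wpcta_update_cta_status_vulnerable');
add_action('wp_ajax_nopriv_update_cta_status', 'wpcta_update_cta_status_vulnerable');

function wpcta_update_cta_status_vulnerable() {
    $id     = absint($_POST['cta_id'] ?? 0);
    $status = sanitize_key($_POST['status'] ?? '');
    $ctas   = get_option('wpcta_ctas', []);          // assumed option key
    if (isset($ctas[$id])) {
        $ctas[$id]['status'] = $status;              // any visitor can flip this
        update_option('wpcta_ctas', $ctas);
    }
    wp_send_json_success();                          // wp_send_json_* call wp_die()
}

// --- Hardened pattern: privileged hook only, capability check, nonce ---------
// No wp_ajax_nopriv_ registration: anonymous requests never reach the callback.
add_action('wp_ajax_update_cta_status', 'wpcta_update_cta_status_fixed');

function wpcta_update_cta_status_fixed() {
    // 1. Authorization. The caller must hold a capability that implies the right
    //    to change this plugin's settings; manage_options is the usual choice.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'forbidden'], 403);
    }
    // 2. CSRF. The request must carry a nonce bound to this action and user.
    //    The dashboard page would emit it with wp_create_nonce('wpcta_cta_status').
    check_ajax_referer('wpcta_cta_status', 'nonce');  // dies with 403 on failure

    // 3. Validate input only after the caller is known to be allowed.
    $id     = absint($_POST['cta_id'] ?? 0);
    $status = sanitize_key($_POST['status'] ?? '');
    if (!in_array($status, ['active', 'inactive'], true)) {
        wp_send_json_error(['message' => 'invalid status'], 400);
    }
    $ctas = get_option('wpcta_ctas', []);
    if (!isset($ctas[$id])) {
        wp_send_json_error(['message' => 'unknown cta'], 404);
    }
    $ctas[$id]['status'] = $status;
    update_option('wpcta_ctas', $ctas);
    wp_send_json_success(['id' => $id, 'status' => $status]);
}
```

The same three-step treatment applies to 'change_sticky_sidebar_name': drop the nopriv hook, check the capability, verify a nonce, then sanitize the new name. The order matters: a nonce alone is not authorization (any logged-in subscriber can obtain one from a page that prints it), and a capability check alone leaves the endpoint open to cross-site request forgery against an administrator's browser.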

Potential Impact

For European organizations running WordPress with the WP CTA plugin, the vulnerability means that the visibility of sticky call-to-action elements can be changed by anyone on the internet: a campaign CTA can be switched off, or a retired one switched back on, and the names shown in the plugin's dashboard can be altered to confuse administrators. The flaw does not expose data or grant control of the site, but organizations that depend on online conversion, such as e-commerce, media and service companies, may see indirect financial impact from CTAs silently disabled during a campaign. The two affected functions only toggle a status and rename a back-end label; the published description gives no way to change a CTA's text, link or destination, so the flaw is not by itself a vehicle for redirecting visitors to attacker-controlled sites. Because no authentication is needed and the requests are trivially scripted, mass exploitation across exposed sites is plausible once details circulate. With no known exploits at the time of analysis and a medium score, the immediate risk is moderate, but the fix is cheap and the exposure should not be left open.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations for the WP CTA plugin and record the version in use; every version up to and including 1.7.0 is affected. Until an official patch is released, disabling or uninstalling the plugin removes the exposure entirely. If the plugin must stay active, put a compensating control in front of the handlers. WordPress plugin functions reachable by unauthenticated users are typically invoked through wp-admin/admin-ajax.php (or a REST route), so an IP allow-list or VPN restriction on the admin dashboard alone does not help unless it also covers that endpoint, and blocking admin-ajax.php for anonymous visitors can break other plugins' front-end features. A more targeted option is a web application firewall rule, or a small must-use plugin, that rejects requests naming the two functions from callers without the manage_options capability. Monitor for exploitation attempts, keeping in mind that standard web server access logs do not record POST bodies, so the function name usually appears only in application or WAF logs; at the access-log level, a spike in anonymous POSTs to admin-ajax.php is the signal to chase. Apply the vendor patch promptly once it is available. Role-based access control and administrator hygiene remain good practice but do not address this flaw, since exploitation requires no account at all. Security plugins that alert on changes to plugin options, together with regular backups of the site and its configuration, make unauthorized changes visible and recoverable.
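A temporary guard of the kind described above, as an added example rather than vendor code. It assumes the two handlers are dispatched through admin-ajax.php and that their 'action' values equal the function names given in the CVE text; both are assumptions about the plugin, not facts the advisory states. Dropped into wp-content/mu-plugins/, it refuses those actions from any caller without manage_options and writes a log line that can be correlated with the web server log.

```php
<?php
/**
 * Plugin Name: WP CTA temporary guard for CVE-2025-8152 (added example, not vendor code)
 * Description: Place in wp-content/mu-plugins/. Refuses the two AJAX actions
 *              from callers lacking manage_options and logs the attempt.
 *              Remove once the plugin is updated to a fixed release.
 */

// ASSUMPTION: the AJAX 'action' values match the function names in the CVE text.
const WPCTA_GUARDED_ACTIONS = ['update_cta_status', 'change_sticky_sidebar_name'];

function wpcta_guard_ajax_actions() {
    // Only AJAX requests are of interest; admin-ajax.php defines DOING_AJAX
    // before loading WordPress, so this is reliable on the 'init' hook.
    if (!wp_doing_ajax()) {
        return;
    }
    // admin-ajax.php reads the action from $_REQUEST, so do the same.
    $raw    = $_REQUEST['action'] ?? '';
    $action = is_string($raw) ? sanitize_key(wp_unslash($raw)) : '';
    if (!in_array($action, WPCTA_GUARDED_ACTIONS, true)) {
        return;
    }
    if (current_user_can('manage_options')) {
        return;   // legitimate administrator; let the plugin handle the request
    }
    // Record enough to correlate with the access log, then refuse the request.
    error_log(sprintf(
        'CVE-2025-8152 guard: blocked action=%s ip=%s user=%d ua=%s',
        $action,
        $_SERVER['REMOTE_ADDR'] ?? '-',
        get_current_user_id(),
        substr($_SERVER['HTTP_USER_AGENT'] ?? '-', 0, 200)
    ));
    wp_send_json_error(['message' => 'forbidden'], 403);   // calls wp_die()
}

// 'init' fires while admin-ajax.php loads WordPress and before it dispatches
// any wp_ajax_* or wp_ajax_nopriv_* callback, so the guard runs first regardless
// of the order in which plugins register their hooks.
add_action('init', 'wpcta_guard_ajax_actions');
```

If the plugin turns out to use a REST route instead of admin-ajax.php, the same check belongs in a 'rest_pre_dispatch' filter keyed on the route; the capability test and the log line are unchanged. Because the guard denies rather than fixes, it can also break a legitimate but non-administrator workflow the plugin may offer; watch the log for blocked requests from logged-in users before relying on it.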


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-07-25T00:44:57.020Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 688dbf27ad5a09ad00d1fb00

Added to database: 8/2/2025, 7:32:55 AM

Last enriched: 8/10/2025, 12:57:30 AM

Last updated: 9/14/2025, 2:45:51 PM

