Cross-Site Request Forgery Issues in Simple Sticky Footer WordPress Plugin
CVE-2014-9454

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 2 January 2015

What is CVE-2014-9454?

The Simple Sticky Footer plugin for WordPress is affected by multiple cross-site request forgery (CSRF) vulnerabilities. These weaknesses let remote attackers abuse the authenticated sessions of users, administrators in particular. Through unspecified vectors, attackers can modify plugin settings or carry out cross-site scripting (XSS) attacks using parameters like simple_sf_width and simple_sf_style in requests made to the WordPress admin panel. This poses serious risks to site integrity and user data security, making timely updates and security measures essential.
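A settings handler that closes both weaknesses named above (a forged request and script stored through simple_sf_width or simple_sf_style), as an added example that is not the plugin's own code. The function, action, nonce and option names are hypothetical, and the width format is an assumption.

```php
<?php
// Added illustration, not the Simple Sticky Footer plugin's code.
// Hypothetical names: ssf_render_form, ssf_save_settings, ssf_save,
// ssf_nonce, ssf_width, ssf_style.

function ssf_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ssf_save">
        <?php wp_nonce_field( 'ssf_save', 'ssf_nonce' ); // per-user, per-action token ?>
        <?php // esc_attr() on output keeps a stored value from breaking out of the attribute. ?>
        <input name="simple_sf_width" value="<?php echo esc_attr( get_option( 'ssf_width', '' ) ); ?>">
        <input name="simple_sf_style" value="<?php echo esc_attr( get_option( 'ssf_style', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

add_action( 'admin_post_ssf_save', 'ssf_save_settings' );

function ssf_save_settings() {
    // Authorization: only users allowed to change site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // CSRF: terminates the request when the nonce is missing or invalid,
    // so a cross-site form or image tag cannot trigger the save.
    check_admin_referer( 'ssf_save', 'ssf_nonce' );

    $width = isset( $_POST['simple_sf_width'] )
        ? sanitize_text_field( wp_unslash( $_POST['simple_sf_width'] ) ) : '';
    $style = isset( $_POST['simple_sf_style'] )
        ? sanitize_text_field( wp_unslash( $_POST['simple_sf_style'] ) ) : '';

    // Assumption: width is a short CSS length; anything else is discarded.
    if ( ! preg_match( '/^\d{1,4}(px|%|em)?$/', $width ) ) {
        $width = '';
    }

    update_option( 'ssf_width', $width );
    update_option( 'ssf_style', $style ); // tags already stripped by sanitize_text_field()

    wp_safe_redirect( admin_url() );
    exit;
}
```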
