Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-01-02T20:00:00
Updated: 2024-08-06T13:47:40.977Z
Reserved: 2015-01-02T00:00:00
Link: CVE-2014-9454
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-01-02T20:59:14.057
Modified: 2024-11-21T02:20:55.727
Link: CVE-2014-9454
Redhat
No data.