CVE-2014-9454

🗓️ 02 Jan 2015 20:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 42 Views🌐 WEB

CSRF vulnerabilities in Simple Sticky Footer plugin allow remote attackers to hijack authentication of administrators for WordPress plugin settings and conduct XSS attacks.

Reporter	Title	Published	Views	Family All 7
CNVD	WordPress Plugin Simple Sticky Footer Has Multiple Cross-Site Request Forgery Vulnerabilities	8 Jan 201500:00	–	cnvd
Cvelist	CVE-2014-9454	2 Jan 201520:00	–	cvelist
EUVD	EUVD-2014-9274	7 Oct 202500:30	–	euvd
NVD	CVE-2014-9454	2 Jan 201520:59	–	nvd
Patchstack	WordPress Simple Sticky Footer Plugin <= 1.3.2 - Multiple CSRF and XSS	2 Jan 201500:00	–	patchstack
Prion	Cross site request forgery (csrf)	2 Jan 201520:59	–	prion
WPVulnDB	Simple Sticky Footer < 1.3.3 - Multiple CSRF	12 Dec 201400:00	–	wpvulndb

NVD

Node

simple_sticky_footer_project simple_sticky_footerRange≤1.3.2wordpress

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/99374
packetstormsecurity	www.packetstormsecurity.com/files/129503/WordPress-Simple-Sticky-Footer-1.3.2-CSRF-XSS.html
wordpress	www.wordpress.org/plugins/simple-sticky-footer/changelog/
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/99375

Parameter	Position	Path	Description	CWE
simple_sf_width	query param	wp-admin/themes.php	CSRF in Simple Sticky Footer plugin (<=1.3.2) allows remote attackers to hijack admin sessions by forging requests to wp-admin/themes.php via the simple-simple-sticky-footer page, affecting plugin settings and enabling XSS via the affected parameters.	CWE-352
simple_sf_style	query param	wp-admin/themes.php	CSRF in Simple Sticky Footer plugin (<=1.3.2) allows remote attackers to hijack admin sessions by forging requests to wp-admin/themes.php via the simple-simple-sticky-footer page, affecting plugin settings and enabling XSS via the affected parameters.	CWE-352

06 May 2026 22:30Current

6.8Medium risk

Vulners AI Score6.8

CVSS 26.8

EPSS0.00251

CWE-352