3 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct cross-site scripting XSS attac...
CVE-2014-9454
The CVE-2014-9454 entry concerns the WordPress plugin Simple Sticky Footer (before version 1.3.3). Multiple CSRF vulnerabilities allow remote attackers to hijack administrator sessions and perform actions such as changing plugin settings, with additional potential XSS via the simple_sf_width and ...
WordPress Simple Sticky Footer Plugin <= 1.3.2 - Multiple CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...