Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php.
History
21 Nov 2024, 02:20
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/129503/WordPress-Simple-Sticky-Footer-1.3.2-CSRF-XSS.html - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/99374 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/99375 - | |
References | () https://wordpress.org/plugins/simple-sticky-footer/changelog/ - Patch, Vendor Advisory | |
Information
Published : 2015-01-02 20:59
Updated : 2024-11-21 02:20
NVD link : CVE-2014-9454
Mitre link : CVE-2014-9454
CVE.ORG link : CVE-2014-9454
Products Affected
simple_sticky_footer_project
- simple_sticky_footer
CWE
CWE-352
Cross-Site Request Forgery (CSRF)