PT-2015-4217 · WordPress · Simple Sticky Footer

Published: 2015-01-02 · Updated: 2017-09-08 · CVE-2014-9454

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Simple Sticky Footer plugin versions prior to 1.3.3

Description

The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests, including requests that change plugin settings via unspecified vectors. Additionally, attackers can conduct cross-site scripting (XSS) attacks via the simple_sf_width or simple_sf_style parameters in the "simple-simple-sticky-footer" page to "wp-admin/themes.php".

Recommendations

For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "simple-simple-sticky-footer" page in wp-admin/themes.php to minimize the risk of exploitation. Avoid using the simple_sf_width and simple_sf_style parameters in the affected page until the issue is resolved.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2014-9454

Affected Products

Simple Sticky Footer