cleantalk
Vulnerabilities and Security Researches

Simple Sticky Footer, CVE-2014-9454

CVE, Research URL

CVE-2014-9454

Home page URL

Security reports for Simple Sticky Footer

Application

Simple Sticky Footer

Published on
Jan 03, 2015
Research Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php.
Affected versions
Min -, max 1.3.3.
Status
vulnerable
Previous vulnerability researches
Simple Sticky Footer (CVE-2014-9454) , Jun 07, 2024
Simple Sticky Footer (CVE-2025-50019) , Jun 24, 2025
New vulnerability
Automatically Hierarchic Categories in Menu (CVE-2025-50048) , Jun 24, 2025
WP Visitor Statistics (Real Time Traffic) (CVE-2025-49996) , Jun 24, 2025
Video List Manager (CVE-2025-49986) , Jun 24, 2025
Video List Manager (CVE-2025-52821) , Jun 24, 2025
Modern Footnotes (CVE-2025-50049) , Jun 24, 2025