security problem

  • Wordfence sent me this warning –

    Description

    The Oceanwp sticky header plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the settings_page function. This makes it possible for unauthenticated attackers to change the plugin’s style settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

    As this plugin has not been updated for a year, is it still supported?

  • The topic ‘security problem’ is closed to new replies.