Title: security problem
Last modified: April 14, 2023

---

# security problem

 *  [grahamclements](https://wordpress.org/support/users/grahamclements/)
 * (@grahamclements)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/security-problem-35/)
 * Wordfence sent me this warning –
 * **Description**
 * The Oceanwp sticky header plugin for WordPress is vulnerable to Cross-Site Request
   Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect
   nonce validation on the settings_page function. This makes it possible for unauthenticated
   attackers to change the plugin’s style settings, via forged request granted they
   can trick a site administrator into performing an action such as clicking on 
   a link.
 * As this plugin has not been updated for a year, is it still supported?

The topic ‘security problem’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/sticky-header-oceanwp.svg)
 * [Oceanwp sticky header](https://wordpress.org/plugins/sticky-header-oceanwp/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/sticky-header-oceanwp/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/sticky-header-oceanwp/)
 * [Active Topics](https://wordpress.org/support/plugin/sticky-header-oceanwp/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/sticky-header-oceanwp/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/sticky-header-oceanwp/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [grahamclements](https://wordpress.org/support/users/grahamclements/)
 * Last activity: [3 years, 1 month ago](https://wordpress.org/support/topic/security-problem-35/)
 * Status: not resolved