WordPress Plugin Social Sticky Animated contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Social Sticky Animated version 1.0 is vulnerable.
Disable the plugin until a fix is available
WordPress Plugin Booking Calendar Cross-Site Request Forgery (9.2.1)
WordPress 5.4.x Prototype Pollution (5.4 - 5.4.9)
WordPress Plugin Wonder Video Embed Cross-Site Scripting (1.7)
WordPress Plugin HTML5 AV Manager for WordPress 'custom.php' Arbitrary File Upload (0.2.7)
WordPress Plugin Facebook Members Cross-Site Request Forgery (5.0.4)