Cross-Site Request Forgery (CSRF) vulnerability leading to a header style change discovered by Rasi Afeef (Patchstack Alliance) in WordPress Oceanwp sticky header plugin (versions <= 1.0.8).
No patched version is available. No reply from the vendor.