Vulnerabilities > CVE-2021-24418 - Unspecified vulnerability in Smooth Scroll Page Up/Down Buttons Project Smooth Scroll Page Up/Down Buttons
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog
Vulnerable Configurations
References
- https://m0ze.ru/vulnerability/%5B2021-04-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Smooth-Scroll-Page-UpDown-Buttons-WordPress-Plugin-v1.4.txt
- https://m0ze.ru/vulnerability/%5B2021-04-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Smooth-Scroll-Page-UpDown-Buttons-WordPress-Plugin-v1.4.txt
- https://wpscan.com/vulnerability/1512bba9-89e2-493d-b85d-10c7acb903db
- https://wpscan.com/vulnerability/1512bba9-89e2-493d-b85d-10c7acb903db