The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CPE | Name | Operator | Version |
---|---|---|---|
scrollrevealjs-effects | le | 1.2 |