2 matches found
PT-2022-18220 · WordPress · Cg Scroll To Top
Name of the Vulnerable Software and Affected Versions: Scroll To Top WordPress plugin versions prior to 1.4.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in...
Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Text" settings of the plugin...