CVE-2024-10040

The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the processajaxedit and processajaxdelete function. This makes it possible for unauthenticated attackers to mak...

CVE-2024-24865

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS.This issue affects Scroll Triggered Box: from n/a through 2.3...

CVE-2024-34426

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.This issue affects Brozzme Scroll Top: from n/a through 1.8.5...

CVE-2024-11442

The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2023-47671

Cross-Site Request Forgery CSRF vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0...

CVE-2023-46095

Cross-Site Request Forgery CSRF vulnerability in Chetan Gole Smooth Scroll Links SSL plugin = 1.1.0 versions...

CVE-2023-50874

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1...

CVE-2023-5428

The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2022-1171

The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

CVE-2021-24642

The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE via a file upload as well as XSS...

CVE-2021-24331

The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psbdistance, psbbuttonsize, psbspeed, only validating them client side. This could allow high privilege users such as admin to set XSS payloads in them...

CVE-2021-24418

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psbpositioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog...

CVE-2021-24852

The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2021-24564

The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...

WordPress plugin Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2025-27988

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the vgacon scroll function, where a check for the vc origin address range has been added. The vulnerabili...

CVE-2025-22774

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS.This issue affects CRUDLab Scroll to Top: from n/a through = 1.0.1...

CVE-2025-22774 WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS.This issue affects CRUDLab Scroll to Top: from n/a through = 1.0.1...

CVE-2025-22774

CVE-2025-22774 is a reflected XSS in the WordPress plugin CRUDLab Scroll to Top (versions up to 1.0.1). Technical details: affected software is CRUDLab Scroll to Top; vulnerability class is Cross-Site Scripting (Reflected). CVSS3.1 base score is 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). Root cau...

CVE-2025-22774 WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS.This issue affects CRUDLab Scroll to Top: from n/a through = 1.0.1...