MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF
The plugin does not have a CSRF check in place on its settings page, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC...
WordPress plugin Scroll Baner Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports hosting personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. WordPress Scroll Baner plugin in version 1.0 and...
WordPress Catch Scroll Progress Bar plugin <= 1.5 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Scroll Progress Bar plugin versions <= 1.5. Solution: update the WordPress Catch Scroll Progress Bar plugin to the latest available version, at least 1.6...
Scroll Baner <= 1.0 - CSRF to RCE
The plugin does not have a CSRF check in place when saving its settings, nor does it perform any sanitisation, escaping or validation on them. This could allow attackers to make a logged-in admin change them and could lead to RCE via a file upload as well as XSS. PoC: the PHP code will be put in the file at...
WordPress Scroll Baner plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Remote Code Execution (RCE)
Cross-Site Request Forgery (CSRF) vulnerability leading to Remote Code Execution (RCE) discovered by Chuang Li in WordPress Scroll Baner plugin versions <= 1.0. Solution: deactivate and delete. This plugin has been closed as of August 17, 2021 and is not available for download. Reason: Security Issue...
WordPress Catch Infinite Scroll plugin <= 1.8.1 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Infinite Scroll plugin versions <= 1.8.1. Solution: update the WordPress Catch Infinite Scroll plugin to the latest available version, at least 1.9...
EulerOS 2.0 SP2 : irssi (EulerOS-SA-2021-2386)
According to the version of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerability: Irssi 1.1.x before 1.1.2 has a use-after-free when hidden lines are expired from the scroll buffer (CVE-2019-5882). Note that Tenable Network Security h...
WordPress WPFront Scroll Top Plugin < 2.0.7 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24564
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
Cross site scripting
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
CVE-2021-24564 WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed...
CVE-2021-24564
The CVE covers WPFront Scroll Top for WordPress, affected versions before 2.0.6.07225. Vulnerability: authenticated stored XSS due to missing sanitization and escaping of the Image ALT attribute when it is output. Root cause: lack of sanitization/escaping in the ALT setting leads to script ex...
WordPress plugin WPFront Scroll Top Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...
WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS
The plugin does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. Put one of the payloads below in the Image ALT setting of the plugin: the XSS will...
WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS
The plugin does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. PoC: put one of the payloads below in the Image ALT setting of the plugin: the XSS...
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-59595)
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. Smooth Scroll Page Up/Down Buttons WordPress plugin...
CVE-2021-24418
The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning setting, allowing high-privilege users such as admins to set an XSS payload in it, which will be executed in all pages of the blog...
Cross site scripting
The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning setting, allowing high-privilege users such as admins to set an XSS payload in it, which will be executed in all pages of the blog...
CVE-2021-24418
The CVE-2021-24418 entry concerns the WordPress plugin “Smooth Scroll Page Up/Down Buttons” (version
Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning
The plugin does not properly sanitise and validate its psb_positioning setting, allowing high-privilege users such as admins to set an XSS payload in it, which will be executed in all pages of the blog -- Payloads: $ m0ze"...