12 matches found
CVE-2025-28940 WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top (backtotop) allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through <= 2.0...
CVE-2025-28922 WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top (go-to-top) allows Stored XSS. This issue affects Go To Top: from n/a through <= 0.0.8...
CVE-2025-23651 WordPress Scroll Top plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Scroll Top allows Reflected XSS. This issue affects Scroll Top: from n/a through 1.3.3...
WordPress plugin Scroll Top cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Scroll Top plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Scroll Top versions <= 1.3.3...
WordPress plugin wp auto top cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Dynamic "To Top" Plugin 3.5.2 is vulnerable to Cross Site Scripting (XSS)
Software: Dynamic "To Top"; Type: Plugin; Vulnerable versions: 3.5.2; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52494; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 1de163c8a2a5; Credits: UKO; Required privilege: Administrato...
PT-2022-18220 · WordPress · Cg Scroll To Top
Name of the Vulnerable Software and Affected Versions: Scroll To Top WordPress plugin versions prior to 1.4.1. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, in...
Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in the "Text" settings of the plugin...
WordPress To Top plugin <= 2.2.2 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress To Top plugin versions <= 2.2.2. Solution: Update the WordPress To Top plugin to the latest available version (at least 2.3)...
Click to Top < 1.2.8 - Authenticated Stored Cross-Site Scripting
The Type scroll text field in the plugin settings page was found to be vulnerable to stored XSS, as it did not properly sanitize user-supplied input before publishing the changes. It is triggered when a user loads any page on the website. All WordPress websites using Click to top WordPress Plugin...
Click to Top < 1.2.8 - Authenticated Stored Cross-Site Scripting
The Type scroll text field in the plugin settings page was found to be vulnerable to stored XSS, as it did not properly sanitize user-supplied input before publishing the changes. It is triggered when a user loads any page on the website. All WordPress websites using Click to top WordPress Plugin...