Lucene search
Asif Nawaz MinhasWPEX-ID:F730F584-2370-49F9-A094-A5BC521671C1HistoryAug 23, 2022 - 12:00 a.m.
Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
2022-08-2300:00:00
Asif Nawaz Minhas
247
0.001 Low
EPSS
Percentile
24.9%
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Put the following payload in the "Text" settings of the plugin and save: "autofocus onfocus=alert(/XSS/)//
The XSS will be triggered when accessing the settings againRelated
patchstack
patchstack
nvd
nvd
CVE-2022-2710
2022-09-19 14:15:10
wpvulndb
wpvulndb
Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
2022-08-23 00:00:00
prion
prion
Cross site scripting
2022-09-19 14:15:00
cvelist
cvelist
CVE-2022-2710 Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
2022-09-19 14:00:59
cve
cve
CVE-2022-2710
2022-09-19 14:15:10