The plugin does not properly sanitise and validate its psb_positioning setting, allowing high-privilege users such as admins to store an XSS payload in it, which is then executed on all pages of the blog.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | smooth-page-scroll-updown-buttons | eq | * |
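One way to close this class of bug in a WordPress plugin is to validate the setting against an allow-list when it is saved and escape it when it is printed. This is an added example, not the plugin's own code. The option group, the set of allowed positions, the output markup and every name prefixed `example_` are assumptions.

```php
<?php
// Added example, not the plugin's code. The option group, the allowed
// values, the markup and all example_* names are assumptions.

// Assumed set of legitimate positions; replace with the plugin's real ones.
const EXAMPLE_PSB_POSITIONS = array( 'left', 'center', 'right' );

/**
 * Validate psb_positioning against the allow-list. Anything else,
 * including markup or script, is replaced by a safe default.
 */
function example_psb_sanitize_positioning( $value ) {
    $value = is_string( $value ) ? sanitize_key( $value ) : '';
    return in_array( $value, EXAMPLE_PSB_POSITIONS, true ) ? $value : 'right';
}

// Validation on write: the callback is applied when the option is saved.
add_action( 'admin_init', function () {
    register_setting(
        'example_psb_settings', // hypothetical option group
        'psb_positioning',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'example_psb_sanitize_positioning',
            'default'           => 'right',
        )
    );
} );

// Escaping on read: re-validate, because the database may still hold a
// value stored before the fix, then escape for the HTML attribute
// context it is printed into (assumed markup).
add_action( 'wp_footer', function () {
    $position = example_psb_sanitize_positioning(
        get_option( 'psb_positioning', 'right' )
    );
    printf(
        '<div class="psb-buttons psb-%s"></div>',
        esc_attr( $position )
    );
} );
```

Re-validating on output matters here because a payload saved before the sanitiser was registered stays in the options table until the setting is saved again.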