Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbPark won seokWPVDB-ID:C6D3D308-4BF1-493F-86E9-DD623526E3C6
HistoryMar 21, 2022 - 12:00 a.m.

Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting

2022-03-2100:00:00
Park won seok
wpscan.com
21
plugin
cross-site scripting
admin
sanitise
escape
settings
unfiltered_html
capability
poc
payload
scroll speed
software

EPSS

0.001

Percentile

24.8%

JSON

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

PoC

Put the following payload in any text field settings of the plugin (for example Scroll Speed) and save: ">

Related

patchstack 1
wpexploit 1
cve 1
nvd 1
cvelist 1
prion 1
cnvd 1
patchstack
patchstack
WordPress Easy Smooth Scroll Links plugin <= 2.23.0 - Stored Cross-Site Scripting (XSS) vulnerability
2022-03-21 00:00:00
wpexploit
wpexploit
Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting
2022-03-21 00:00:00
cve
cve
CVE-2022-0728
2022-04-11 15:15:08
nvd
nvd
CVE-2022-0728
2022-04-11 15:15:08
cvelist
cvelist
CVE-2022-0728 Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting
2022-04-11 14:40:49
prion
prion
Cross site scripting
2022-04-11 15:15:00
cnvd
cnvd
WordPress Easy Smooth Scroll Links plugin cross-site scripting vulnerability
2022-03-24 00:00:00

EPSS

0.001

Percentile

24.8%

JSON
Related for WPVDB-ID:C6D3D308-4BF1-493F-86E9-DD623526E3C6
patchstack1wpexploit1cve1nvd1cvelist1prion1cnvd1