Vulnerability Description
The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning setting, allowing high-privilege users such as admin to set an XSS payload in it, which will be executed on all pages of the blog.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smooth Scroll Page Up/Down Buttons Project | Smooth Scroll Page Up/Down Buttons | <= 1.4 |
Related Weaknesses (CWE)
References
- https://m0ze.ru/vulnerability/%5B2021-04-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Smoo
- https://wpscan.com/vulnerability/1512bba9-89e2-493d-b85d-10c7acb903db (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24418?
CVE-2021-24418 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payl...
How severe is CVE-2021-24418?
CVE-2021-24418 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24418?
Check the references section above for vendor advisories and patch information. Affected products include: Smooth Scroll Page Up/Down Buttons (vendor: Smooth Scroll Page Up/Down Buttons Project).