Vulnerability Details CVE-2019-7413
In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://metamorfosec.com/Files/Advisories/METS-2019-004-A_XSS_Vulnerability_in_Parallax_Scroll_plugin_before_v2.1_for_WordPress.txt
- https://plugins.trac.wordpress.org/changeset/2024194/
- https://metamorfosec.com/Files/Advisories/METS-2019-004-A_XSS_Vulnerability_in_Parallax_Scroll_plugin_before_v2.1_for_WordPress.txt
- https://plugins.trac.wordpress.org/changeset/2024194/
Products affected by CVE-2019-7413
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:0.1
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:0.2
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:0.3
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:0.4
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:1.0
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:1.1
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:1.2
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:1.3
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:1.4
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:2.0
-
cpe:2.3:a:parallax_scroll_project:parallax_scroll:2.0.1