Vulnerability Details CVE-2021-24331
The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users (such as admin) to set XSS payloads in them
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.6%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://m0ze.ru/vulnerability/%5B2021-04-24%5D-%5BWordPress%5D-%5BCWE-79%5D-Smooth-Scroll-Page-UpDown-Buttons-WordPress-Plugin-v1.3.txt
- https://wpscan.com/vulnerability/2c7ca586-def8-4723-b779-09d7f37fa1ab
- https://m0ze.ru/vulnerability/%5B2021-04-24%5D-%5BWordPress%5D-%5BCWE-79%5D-Smooth-Scroll-Page-UpDown-Buttons-WordPress-Plugin-v1.3.txt
- https://wpscan.com/vulnerability/2c7ca586-def8-4723-b779-09d7f37fa1ab
Products affected by CVE-2021-24331
-
cpe:2.3:a:smooth_scroll_page_up/down_buttons_project:smooth_scroll_page_up/down_buttons:1.0
-
cpe:2.3:a:smooth_scroll_page_up/down_buttons_project:smooth_scroll_page_up/down_buttons:1.1
-
cpe:2.3:a:smooth_scroll_page_up/down_buttons_project:smooth_scroll_page_up/down_buttons:1.2
-
cpe:2.3:a:smooth_scroll_page_up/down_buttons_project:smooth_scroll_page_up/down_buttons:1.2.1
-
cpe:2.3:a:smooth_scroll_page_up/down_buttons_project:smooth_scroll_page_up/down_buttons:1.3