Unsanitized Settings in Smooth Scroll Page Up/Down Buttons WordPress Plugin Allows XSS Payload Injection

Unsanitized Settings in Smooth Scroll Page Up/Down Buttons WordPress Plugin Allows XSS Payload Injection

CVE-2021-24331 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users (such as admin) to set XSS payloads in them

Learn more about our Wordpress Pen Testing.