CVE-2021-24418

Public Exploit

Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning

Description

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog

References

Link	Tags
https://wpscan.com/vulnerability/1512bba9-89e2-493d-b85d-10c7acb903db	third party advisory exploit
https://m0ze.ru/vulnerability/%5B2021-04-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Smooth-Scroll-Page-UpDown-Buttons-WordPress-Plugin-v1.4.txt

Frequently Asked Questions

What is the severity of CVE-2021-24418?: CVE-2021-24418 has been scored as a medium severity vulnerability.
How to fix CVE-2021-24418?: To fix CVE-2021-24418, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-24418 being actively exploited in the wild?: It is possible that CVE-2021-24418 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-24418?: CVE-2021-24418 affects Mark Senff Smooth Scroll Page Up/Down Buttons.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

Frequently Asked Questions