WordPress Plugin Vulnerabilities

Vertical scroll recent post < 14.0 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

Proof of Concept

Affects Plugins

Plugin icon
vertical-scroll-recent-post
Fixed in 14.0

References

CVE
CVE-2022-1171

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
p7e4
Submitter
p7e4
Submitter website
https://github.com/p7e4
Submitter twitter
p7e4_
Verified
Yes
WPVDB ID
dc5eace4-542f-47e9-b870-a6aae6a38b0f

Timeline

Publicly Published
2022-04-26 (about 3 years ago)
Added
2022-04-26 (about 3 years ago)
Last Updated
2022-05-04 (about 3 years ago)

Other

Published
Title
Published
2024-10-31
Title
Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-08-16
Title
Captcha Them All < 1.4 - Admin+ Stored XSS
Published
2024-12-09
Title
Email Reminders < 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Published
2024-11-20
Title
ForumEngine < 1.9 - Reflected Cross-Site Scripting
Published
2024-07-09
Title
Simple Post Notes < 1.7.8 - Authenticated (Administrator+) Stored Cross-Site Scripting