CVE-2021-24418

CVE-2021-24418: Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning

Vendor Mark Senff

Product Smooth Scroll Page Up/Down Buttons

Weakness CWE-79 · XSS

Published July 12, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog

Key dates

02Disclosure timeline

July 12, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24418 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-27986 WordPress Livemesh Addons for Elementor Plugin <= 8.3.5 is vulnerable to Cross Site Scripting (XSS) CVE-2026-0812 LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page CVE-2024-10414 PHPGurukul Vehicle Record System edit-brand.php cross site scripting CVE-2025-39516 WordPress Author WIP Progress Bar plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability CVE-2023-5950 Rapid7 Velociraptor Reflected XSS