CVE-2022-2710

CVE-2022-2710: Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Scroll To Top

Weakness CWE-79 · XSS

Published September 19, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Key dates

02Disclosure timeline

September 19, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2710

Related vulnerabilities

04Related CVE

CVE-2024-8786 Auto Featured Image from Title <= 2.3 - Reflected Cross-Site Scripting CVE-2025-26536 WordPress Another Events Calendar Plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-21314 XSS injection on ticket update CVE-2023-1111 FastCMS New Article Tab cross site scripting CVE-2024-11379 Broadcast <= 51.01 - Reflected Cross-Site Scripting