CVE-2022-1512: WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting ≈ Packet Storm
The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
# Exploit Title: WordPress Plugin ScrollReveal.js Effects - Stored Cross Site Scripting
# Date: 25-04-2022
# Exploit Author: Mariam Tariq - Hunt3rsherlock_
# Vendor Homepage: https://wordpress.org/plugins/scrollrevealjs-effects/
# Version: 1.1.1
# Tested on: Firefox
# Contact me: [email protected]

# Vulnerable Code:

```
<input id="src-opacity" type="text" name="sr_config[vFactor]" value="<?php echo $options['vFactor']; ?>" placeholder="Element ratio in float" />
```

# POC

1. Install ScrollReveal.js Effects WordPress plugin and activate.
2. Go to configuration and on vFactor field inject XSS payload “><img src=xonerror=alert(‘’XSS>
3. XSS will trigger.

## PoC Image

https://imgur.com/a/uQRT2mD
https://imgur.com/1BB80ep
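The unescaped echo above, shown next to a hardened rendering and an input check, as an added example that is not the plugin's code or the exploit author's. It is stand-alone PHP for the `php` CLI; the function names are hypothetical, the sample value is constructed, and treating `vFactor` as a plain decimal number is an assumption taken from the field's placeholder.

```php
<?php
// Added example: runs without WordPress. In the plugin itself, esc_attr() would
// take the place of htmlspecialchars(), and sanitize_vfactor() would be wired in
// as the 'sanitize_callback' passed to register_setting().

// Vulnerable pattern from the advisory: the stored setting is echoed raw.
function render_vulnerable(array $options): string {
    return '<input id="src-opacity" type="text" name="sr_config[vFactor]" value="'
        . $options['vFactor'] . '" placeholder="Element ratio in float" />';
}

// Output side of the fix: encode the value for an HTML attribute context,
// so quotes and angle brackets cannot terminate value="..." or the tag.
function render_hardened(array $options): string {
    $value = htmlspecialchars((string) ($options['vFactor'] ?? ''), ENT_QUOTES, 'UTF-8');
    return '<input id="src-opacity" type="text" name="sr_config[vFactor]" value="'
        . $value . '" placeholder="Element ratio in float" />';
}

// Input side of the fix (hypothetical helper): the field is described as a float,
// so anything that is not a plain decimal number is dropped before it is stored.
function sanitize_vfactor($raw): string {
    if (!is_scalar($raw)) {
        return '';
    }
    $raw = trim((string) $raw);
    if (!preg_match('/^\d+(\.\d+)?\z/', $raw)) {
        return '';   // store an empty setting rather than markup
    }
    return (string) (float) $raw;
}

// Constructed sample input: a value that tries to close the attribute and the tag.
$submitted = '0.6"><b>injected</b>';

// Raw echo: the <b> element lands in the page as markup.
echo render_vulnerable(['vFactor' => $submitted]), "\n";

// Encoded echo: the same bytes stay inside the value attribute as text.
echo render_hardened(['vFactor' => $submitted]), "\n";

// Validation on save: the malformed value is rejected, a real ratio is kept.
var_dump(sanitize_vfactor($submitted));
var_dump(sanitize_vfactor('0.6'));
```

Both halves matter here: validation on save keeps markup out of the option, and encoding on output protects the page if a bad value is already stored.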