# Exploit Title: WordPress Plugin ScrollReveal.js Effects - Stored Cross Site Scripting # Date: 25-04-2022 # Exploit Author: Mariam Tariq - Hunt3rsherlock_ # Vendor Homepage: https://wordpress.org/plugins/scrollrevealjs-effects/ # Version: 1.1.1 # Tested on: Firefox # Contact me: mariamtariq404@gmail.com # Vulnerable Code: ``` ``` # POC 1. Install ScrollReveal.js Effects WordPress plugin and activate. 2. Go to configuration and on vFactor field inject XSS payload “> 3. XSS will trigger. ## PoC Image https://imgur.com/a/uQRT2mD https://imgur.com/1BB80ep