CVE Catalog

CVE-2021-47982

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Summary

The WordPress Plugin WP-Paginate version 2.1.3 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter.

Risk Assessment

Attackers can submit POST requests to the plugin settings page with script payloads that are stored and executed when administrators view the settings, potentially leading to data theft or account takeover.

Recommendation

It is recommended to update the WP-Paginate plugin to the latest version to mitigate this vulnerability and to review and monitor the plugin settings for potential attacks.

Original NVD description (English source)

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter that are stored and executed when administrators view the settings.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS