PT-2026-39503 · WordPress · Wp Symposium Pro

Murat Demirci

·

Published

2026-05-10

·

Updated

2026-05-10

·

CVE-2021-47927

CVSS v3.1

6.4

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions WP Symposium Pro version 2021.10
Description A stored cross-site scripting issue exists where authenticated attackers can inject malicious scripts due to insufficient sanitization of the forum name. Attackers can submit POST requests to the admin setup page using the wps admin forum add name parameter to store JavaScript payloads that execute when the forum is accessed.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2021-47927

Affected Products

Wp Symposium Pro