PT-2026-39503 · WordPress · Wp Symposium Pro
Murat Demirci
·
Published
2026-05-10
·
Updated
2026-05-10
·
CVE-2021-47927
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP Symposium Pro version 2021.10
Description
A stored cross-site scripting issue exists where authenticated attackers can inject malicious scripts due to insufficient sanitization of the forum name. Attackers can submit POST requests to the admin setup page using the
wps admin forum add name parameter to store JavaScript payloads that execute when the forum is accessed.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Symposium Pro