CVE-2021-47927
Stored XSS in WP Symposium Pro Plugin via Forum Name Parameter
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp_symposium | wp_symposium_pro | 2021.10 |
| wp_symposium_pro | wp_symposium_pro | to 2021.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in WordPress Plugin WP Symposium Pro 2021.10 is a stored cross-site scripting (XSS) flaw. It occurs because the plugin does not properly sanitize the forum name parameter. Authenticated attackers can exploit this by sending POST requests to the admin setup page with malicious JavaScript code embedded in the wps_admin_forum_add_name parameter. This malicious code is then stored by the plugin and executed whenever the forum is accessed by users.
How can this vulnerability impact me? :
This vulnerability allows attackers with authenticated access to inject and store malicious scripts within the forum name. When other users access the forum, the malicious scripts execute in their browsers, potentially leading to session hijacking, data theft, or unauthorized actions performed on behalf of the users. This can compromise user accounts and the integrity of the website.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring POST requests to the admin setup page of the WP Symposium Pro plugin, specifically looking for the parameter wps_admin_forum_add_name containing suspicious JavaScript payloads.
A practical approach is to inspect HTTP POST traffic targeting the admin setup page for the presence of script tags or JavaScript code in the wps_admin_forum_add_name parameter.
For example, using command-line tools like curl or grep on server logs can help identify suspicious inputs.
- Use grep to search web server logs for suspicious POST data: grep -i 'wps_admin_forum_add_name=.*<script' /path/to/access.log
- Use curl to simulate a POST request with a test script payload to verify if the system is vulnerable: curl -X POST -d 'wps_admin_forum_add_name=<script>alert(1)</script>' https://yourwordpresssite.com/wp-admin/admin-setup-page
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the admin setup page to trusted users only, as the vulnerability requires authenticated access.
Additionally, review and sanitize all inputs to the wps_admin_forum_add_name parameter to prevent injection of malicious scripts.
If possible, update the WP Symposium Pro plugin to a version that addresses this vulnerability or consider disabling the plugin entirely, especially since it has been permanently closed by its author.
Monitor and remove any malicious forum names that may have been injected already.