CVE-2021-47927

MEDIUM

WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name

Title source: cna
Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47927. PoCs published by Murat DEMİRCİ.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in WP Symposium Pro 2021.10 by injecting malicious JavaScript via the 'wps_admin_forum_add_name' parameter. The payload is executed when a user accesses the created forum.

Description

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with JavaScript payloads in the wps_admin_forum_add_name parameter, which are stored and executed when the forum is accessed.

Exploits (1)

exploitdb WORKING POC
by Murat DEMİRCİ · text · webapps · php
https://www.exploit-db.com/exploits/50514

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WP Symposium Pro 2021.10
Auth required
Prerequisites: Admin access to WordPress · WP Symposium Pro plugin installed and activated
devstral-2 · analyzed May 10, 2026

References (4)

Core References (4)
Exploit: ExploitDB-50514
https://www.exploit-db.com/exploits/50514
Product: Official Product Homepage
http://www.wpsymposiumpro.com/
Product: Product Reference
https://wordpress.org/plugins/wp-symposium-pro/
Third Party Advisory: VulnCheck Advisory: WordPress Plugin WP Symposium Pro 2021.10 Stored XSS via wps_admin_forum_add_name
https://www.vulncheck.com/advisories/wordpress-plugin-wp-symposium-pro-stored-xss-via-wps-admin-forum-add-name

Scores

CVSS v3 6.4
EPSS 0.0019
EPSS Percentile 9.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
Wpsymposiumpro/WP Symposium Pro 2021.10
Published May 10, 2026
Tracked Since May 10, 2026