CVE-2021-47982

MEDIUM

WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47982. PoCs published by Park Won Seok.

AI-analyzed exploit summary This is a functional proof-of-concept for a stored XSS vulnerability in the WordPress WP-Paginate plugin (version 2.1.3). The exploit demonstrates how an attacker can inject malicious JavaScript via the 'preset' parameter, which is then stored and executed in the context of an admin user's session.

Description

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter that are stored and executed when administrators view the settings.

Exploits (1)

exploitdb WORKING POC
by Park Won Seok · textwebappsphp
https://www.exploit-db.com/exploits/49355

This is a functional proof-of-concept for a stored XSS vulnerability in the WordPress WP-Paginate plugin (version 2.1.3). The exploit demonstrates how an attacker can inject malicious JavaScript via the 'preset' parameter, which is then stored and executed in the context of an admin user's session.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin WP-Paginate 2.1.3
Auth required
Prerequisites: WordPress admin access · WP-Paginate plugin version 2.1.3 installed
devstral-2 · analyzed Jun 08, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-49355
https://www.exploit-db.com/exploits/49355
Product product
Product Reference
https://wordpress.org/plugins/wp-paginate/
Third Party Advisory third-party-advisory
VulnCheck Advisory: WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset
https://www.vulncheck.com/advisories/wordpress-plugin-wp-paginate-stored-xss-via-preset

Scores

CVSS v3 6.4
EPSS 0.0019
EPSS Percentile 8.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
maxfoundry/WP-Paginate 2.1.3
Published Jun 08, 2026
Tracked Since Jun 08, 2026