CVE-2021-47982

EUVD-2021-34848
WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter that are stored and executed when administrators view the settings.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
6.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
maxfoundrywp-paginate
2.1.3
CNA
Common Weakness Enumeration
References
https://wordpress.org/plugins/wp-paginate/
https://www.exploit-db.com/exploits/49355
https://www.vulncheck.com/advisories/wordpress-plugin-wp-paginate-stored-xss-via-preset