Medium severity6.4NVD Advisory· Published May 10, 2026· Updated May 12, 2026

CVE-2021-47927

Description

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with JavaScript payloads in the wps_admin_forum_add_name parameter, which are stored and executed when the forum is accessed.

Affected products

WordPress/Wp Symposium Proreferences
Package: https://wordpress.org/plugins/wp-symposium-pro

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wpsymposiumpro.comnvd
wordpress.org/plugins/wp-symposium-pro/nvd
www.exploit-db.com/exploits/50514nvd
www.vulncheck.com/advisories/wordpress-plugin-wp-symposium-pro-stored-xss-via-wps-admin-forum-add-namenvd

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000