CVE-2021-47982

MEDIUM 6.4

WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset

CVSS Score

6.4

EPSS Score

0.0%

EPSS Percentile

0th

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter that are stored and executed when administrators view the settings.

CWE	CWE-79
Vendor	maxfoundry
Product	wp-paginate
Published	Jun 8, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for maxfoundry wp-paginate

Be the first to know when new medium vulnerabilities affecting maxfoundry wp-paginate are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

maxfoundry / WP-Paginate

2.1.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49355 wordpress.org: https://wordpress.org/plugins/wp-paginate/ vulncheck.com: https://www.vulncheck.com/advisories/wordpress-plugin-wp-paginate-stored-xss-via-preset

Credits

Park Won Seok