Vulnerabilities and security researches forwp-paginate wp-paginate

Jun 07, 2024

CVE, Research URL: CVE-2021-4222
Home page URL: Security reports for WP-Paginate
Application: WP-Paginate
Date: Feb 28, 2022
Research Description: The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Affected versions: max 2.1.4.
Status: vulnerable

CVE, Research URL: CVE-2022-2050
Home page URL: Security reports for WP-Paginate
Application: WP-Paginate
Date: Jul 11, 2022
Research Description: The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed
Affected versions: max 2.1.9.
Status: vulnerable

Jun 10, 2026

CVE, Research URL: CVE-2021-47982
Home page URL: Security reports for WP-Paginate
Application: WP-Paginate
Date: Jun 08, 2026
Research Description: WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter that are stored and executed when administrators view the settings.
Affected versions: max 2.1.3.
Status: vulnerable