CVE-2021-38316: CWE-79 Cross-site Scripting (XSS) in WP Academic People List WP Academic People List
The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1.
AI Analysis
Technical Summary
CVE-2021-38316 is a Reflected Cross-Site Scripting (XSS) vulnerability identified in the WP Academic People List WordPress plugin, specifically affecting versions up to and including 0.4.1. The vulnerability arises from improper sanitization of the 'category_name' parameter in the ~/admin-panel.php file. An attacker can craft a malicious URL containing a payload in this parameter, which when accessed by an administrator or user with access to the plugin's admin panel, results in the execution of arbitrary JavaScript code within the victim's browser context. This type of vulnerability falls under CWE-79, which is a common web application security weakness allowing injection of client-side scripts. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reveals that the attack can be performed remotely over the network without privileges, requires user interaction (the victim must click a crafted link), and affects confidentiality and integrity with a scope change, but does not impact availability. No known exploits are reported in the wild, and no official patches are linked, suggesting that mitigation may rely on plugin updates or manual code fixes. The vulnerability is particularly relevant for WordPress sites using this plugin, which is designed to manage academic personnel listings, often deployed by educational institutions or research organizations.
Potential Impact
For European organizations, especially universities, research institutes, and academic departments that use WordPress with the WP Academic People List plugin, this vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed in the context of an authenticated user. Since the vulnerability requires user interaction and targets the admin panel, the impact is primarily on administrative users who manage academic personnel data. Exploitation could lead to leakage of sensitive information about staff or students, manipulation of displayed data, or further pivoting within the network if combined with other vulnerabilities. Given the plugin's niche use in academic environments, the impact is more focused but still significant for affected entities. Additionally, the reflected XSS could be used as a vector for phishing attacks or to deliver malware payloads, increasing the risk profile. The medium severity rating reflects the moderate ease of exploitation and limited scope of impact, but the potential for confidentiality and integrity compromise remains a concern.
Mitigation Recommendations
European organizations should immediately verify if their WordPress installations use the WP Academic People List plugin, particularly version 0.4.1 or earlier. Since no official patch links are provided, administrators should check for plugin updates from the vendor or community repositories that address this vulnerability. If no update is available, manual mitigation steps include sanitizing and validating the 'category_name' parameter in the plugin's admin-panel.php file to neutralize script injection vectors. Employing Web Application Firewalls (WAFs) with rules to detect and block reflected XSS payloads targeting this parameter can provide interim protection. Additionally, organizations should enforce strict access controls to the WordPress admin panel, use multi-factor authentication for administrators, and conduct user training to recognize suspicious URLs. Regular security audits and monitoring for unusual admin panel activity can help detect exploitation attempts. Finally, consider isolating or replacing the plugin with alternative solutions that have a stronger security track record.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
CVE-2021-38316: CWE-79 Cross-site Scripting (XSS) in WP Academic People List WP Academic People List
Description
The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1.
AI-Powered Analysis
Technical Analysis
CVE-2021-38316 is a Reflected Cross-Site Scripting (XSS) vulnerability identified in the WP Academic People List WordPress plugin, specifically affecting versions up to and including 0.4.1. The vulnerability arises from improper sanitization of the 'category_name' parameter in the ~/admin-panel.php file. An attacker can craft a malicious URL containing a payload in this parameter, which when accessed by an administrator or user with access to the plugin's admin panel, results in the execution of arbitrary JavaScript code within the victim's browser context. This type of vulnerability falls under CWE-79, which is a common web application security weakness allowing injection of client-side scripts. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reveals that the attack can be performed remotely over the network without privileges, requires user interaction (the victim must click a crafted link), and affects confidentiality and integrity with a scope change, but does not impact availability. No known exploits are reported in the wild, and no official patches are linked, suggesting that mitigation may rely on plugin updates or manual code fixes. The vulnerability is particularly relevant for WordPress sites using this plugin, which is designed to manage academic personnel listings, often deployed by educational institutions or research organizations.
Potential Impact
For European organizations, especially universities, research institutes, and academic departments that use WordPress with the WP Academic People List plugin, this vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed in the context of an authenticated user. Since the vulnerability requires user interaction and targets the admin panel, the impact is primarily on administrative users who manage academic personnel data. Exploitation could lead to leakage of sensitive information about staff or students, manipulation of displayed data, or further pivoting within the network if combined with other vulnerabilities. Given the plugin's niche use in academic environments, the impact is more focused but still significant for affected entities. Additionally, the reflected XSS could be used as a vector for phishing attacks or to deliver malware payloads, increasing the risk profile. The medium severity rating reflects the moderate ease of exploitation and limited scope of impact, but the potential for confidentiality and integrity compromise remains a concern.
Mitigation Recommendations
European organizations should immediately verify if their WordPress installations use the WP Academic People List plugin, particularly version 0.4.1 or earlier. Since no official patch links are provided, administrators should check for plugin updates from the vendor or community repositories that address this vulnerability. If no update is available, manual mitigation steps include sanitizing and validating the 'category_name' parameter in the plugin's admin-panel.php file to neutralize script injection vectors. Employing Web Application Firewalls (WAFs) with rules to detect and block reflected XSS payloads targeting this parameter can provide interim protection. Additionally, organizations should enforce strict access controls to the WordPress admin panel, use multi-factor authentication for administrators, and conduct user training to recognize suspicious URLs. Regular security audits and monitoring for unusual admin panel activity can help detect exploitation attempts. Finally, consider isolating or replacing the plugin with alternative solutions that have a stronger security track record.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2021-08-09T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d981dc4522896dcbdaf87
Added to database: 5/21/2025, 9:08:45 AM
Last enriched: 7/6/2025, 8:40:49 PM
Last updated: 8/15/2025, 3:19:36 AM
Views: 18
Related Threats
CVE-2025-9025: SQL Injection in code-projects Simple Cafe Ordering System
MediumCVE-2025-9024: SQL Injection in PHPGurukul Beauty Parlour Management System
MediumCVE-2025-9023: Buffer Overflow in Tenda AC7
HighCVE-2025-8905: CWE-94 Improper Control of Generation of Code ('Code Injection') in inpersttion Inpersttion For Theme
MediumCVE-2025-8720: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in morehawes Plugin README Parser
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.