Skip to main content

CVE-2021-38316: CWE-79 Cross-site Scripting (XSS) in WP Academic People List WP Academic People List

Medium
VulnerabilityCVE-2021-38316cvecve-2021-38316cwe-79
Published: Thu Sep 09 2021 (09/09/2021, 18:09:41 UTC)
Source: CVE
Vendor/Project: WP Academic People List
Product: WP Academic People List

Description

The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1.

AI-Powered Analysis

AILast updated: 07/06/2025, 20:40:49 UTC

Technical Analysis

CVE-2021-38316 is a Reflected Cross-Site Scripting (XSS) vulnerability identified in the WP Academic People List WordPress plugin, specifically affecting versions up to and including 0.4.1. The vulnerability arises from improper sanitization of the 'category_name' parameter in the ~/admin-panel.php file. An attacker can craft a malicious URL containing a payload in this parameter, which when accessed by an administrator or user with access to the plugin's admin panel, results in the execution of arbitrary JavaScript code within the victim's browser context. This type of vulnerability falls under CWE-79, which is a common web application security weakness allowing injection of client-side scripts. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reveals that the attack can be performed remotely over the network without privileges, requires user interaction (the victim must click a crafted link), and affects confidentiality and integrity with a scope change, but does not impact availability. No known exploits are reported in the wild, and no official patches are linked, suggesting that mitigation may rely on plugin updates or manual code fixes. The vulnerability is particularly relevant for WordPress sites using this plugin, which is designed to manage academic personnel listings, often deployed by educational institutions or research organizations.

Potential Impact

For European organizations, especially universities, research institutes, and academic departments that use WordPress with the WP Academic People List plugin, this vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed in the context of an authenticated user. Since the vulnerability requires user interaction and targets the admin panel, the impact is primarily on administrative users who manage academic personnel data. Exploitation could lead to leakage of sensitive information about staff or students, manipulation of displayed data, or further pivoting within the network if combined with other vulnerabilities. Given the plugin's niche use in academic environments, the impact is more focused but still significant for affected entities. Additionally, the reflected XSS could be used as a vector for phishing attacks or to deliver malware payloads, increasing the risk profile. The medium severity rating reflects the moderate ease of exploitation and limited scope of impact, but the potential for confidentiality and integrity compromise remains a concern.

Mitigation Recommendations

European organizations should immediately verify if their WordPress installations use the WP Academic People List plugin, particularly version 0.4.1 or earlier. Since no official patch links are provided, administrators should check for plugin updates from the vendor or community repositories that address this vulnerability. If no update is available, manual mitigation steps include sanitizing and validating the 'category_name' parameter in the plugin's admin-panel.php file to neutralize script injection vectors. Employing Web Application Firewalls (WAFs) with rules to detect and block reflected XSS payloads targeting this parameter can provide interim protection. Additionally, organizations should enforce strict access controls to the WordPress admin panel, use multi-factor authentication for administrators, and conduct user training to recognize suspicious URLs. Regular security audits and monitoring for unusual admin panel activity can help detect exploitation attempts. Finally, consider isolating or replacing the plugin with alternative solutions that have a stronger security track record.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2021-08-09T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981dc4522896dcbdaf87

Added to database: 5/21/2025, 9:08:45 AM

Last enriched: 7/6/2025, 8:40:49 PM

Last updated: 8/15/2025, 3:19:36 AM

Views: 18

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats