CVE-2021-20749: 
WordPress vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was identified in the Fudousan plugin series, affecting multiple versions including Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier. The vulnerability was discovered by Yu Iwama of Secure Sky Technology Inc. and was disclosed on June 22, 2021 (JVN Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with potential impacts on confidentiality and integrity (NVD).

When exploited, this vulnerability allows a remote authenticated attacker to inject arbitrary scripts via unspecified vectors. The successful exploitation could result in the execution of malicious scripts on the web browser of users who access the affected site (JVN Advisory).

Users are advised to update the plugin according to the information provided by the developer. The vendor has released security updates to address this vulnerability (JVN Advisory).