CVE-2021-34650: 
WordPress vulnerability analysis and mitigation

The eID Easy WordPress plugin (also known as smart-id) was found to contain a Reflected Cross-Site Scripting vulnerability, identified as CVE-2021-34650. The vulnerability was present in versions up to and including 4.6, affecting the error parameter in the admin.php file. This security issue was discovered and reported by Wordfence, with the CVE being assigned on June 10, 2021 (CVE MITRE).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue that exists in the error parameter found in the ~/admin.php file. The flaw stems from insufficient input validation, which allows attackers to inject arbitrary web scripts into the application. The vulnerability has been assigned a CVSS Score of 6.1 (medium severity) and is categorized under CWE-79 (WPScan).

When exploited, this vulnerability allows attackers to inject and execute arbitrary web scripts in the context of the affected WordPress installation. This could potentially lead to theft of sensitive data, manipulation of website content, or compromise of administrator sessions (Wordfence Advisories).

Users of the eID Easy WordPress plugin should upgrade to a version newer than 4.6 to address this vulnerability. If immediate updating is not possible, it is recommended to implement additional input validation and sanitization at the web application firewall level (Wordfence Advisories).