CVE-2021-34652: 
WordPress vulnerability analysis and mitigation

The Media Usage WordPress plugin (versions up to and including 0.0.4) was identified with a Reflected Cross-Site Scripting vulnerability, tracked as CVE-2021-34652. The vulnerability was discovered and reported by Wordfence, with the CVE being created on June 10, 2021, and published in the National Vulnerability Database on August 16, 2021 (NVD, CVE MITRE).

The vulnerability exists in the ~/mmu_admin.php file, specifically related to the 'id' parameter, which allows attackers to inject arbitrary web scripts. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 6.1 (MEDIUM), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Under CVSS v2.0, it received a Base Score of 4.3 (MEDIUM) with the vector (AV:N/AC:M/Au:N/C:N/I:P/A:N). The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The vulnerability allows attackers to inject arbitrary web scripts through the affected parameter. This could potentially lead to the compromise of user sessions, data theft, or manipulation of the website's content when successfully exploited (Wordfence Advisory).

Users of the Media Usage WordPress plugin should upgrade to a version newer than 0.0.4 if available, or consider removing the plugin if it's not essential to their operations (NVD).