CVE-2021-36839: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2021-36839) is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress Social Media Follow Buttons Bar plugin versions 4.73 and below. The vulnerability was discovered and reported by Asif Nawaz Minhas, and was publicly disclosed on September 27, 2022 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, has low attack complexity, requires high privileges (administrator level), and user interaction for exploitation. The scope is changed, with low impact on confidentiality and integrity, and no impact on availability (NVD).

If exploited, this vulnerability could allow an authenticated attacker with administrative privileges to inject malicious scripts into the website. These scripts could be executed when visitors access the affected pages, potentially leading to redirects, unauthorized advertisements, and other malicious HTML payloads (Patchstack).

As of November 10, 2022, the plugin has been closed and is no longer available for download from the WordPress plugin repository due to guideline violations (WordPress). Users are advised to remove the plugin and find alternative solutions for social media integration.