CVE-2021-36848: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2021-36848) is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability affecting the Social Media Feather WordPress plugin versions 2.0.4 and earlier. The vulnerability was discovered and reported by Patchstack, and was fixed in version 2.0.5 (Patchstack Advisory).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 4.8 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) according to NVD, while Patchstack rates it as LOW with a score of 3.4 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N). The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability allows authenticated users with administrative privileges to inject malicious scripts into the website. When executed, these scripts could potentially be used to perform actions in the context of other users who view the affected pages (Patchstack Advisory).

Users are advised to update the Social Media Feather plugin to version 2.0.5 or later to remediate this vulnerability. The fix was released in version 2.0.5 which addresses the XSS issue (WordPress Plugin).