CVE-2021-38350: 
WordPress vulnerability analysis and mitigation

The spideranalyse WordPress plugin (versions up to and including 0.0.1) was identified with a Reflected Cross-Site Scripting vulnerability, tracked as CVE-2021-38350. The vulnerability was discovered and reported by Wordfence on August 9, 2021, and was publicly disclosed on September 10, 2021. The security flaw exists in the date parameter within the ~/analyse/index.php file, which could allow attackers to inject arbitrary web scripts (NVD, CVE Mitre).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 Base Score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required. The CVSS v2.0 Base Score is 4.3 (Medium) with the vector (AV:N/AC:M/Au:N/C:N/I:P/A:N) (NVD).

The vulnerability allows attackers to inject arbitrary web scripts through the date parameter, potentially leading to the execution of malicious code in users' browsers. The CVSS scores indicate that while the vulnerability has a moderate severity, it requires user interaction and can result in limited confidentiality and integrity impacts, with no availability impact (NVD).

Users of the spideranalyse WordPress plugin should upgrade to a version newer than 0.0.1 if available, or consider removing the plugin if it's not essential to their operations (Wordfence Advisory).