CVE-2021-38354: 
WordPress vulnerability analysis and mitigation

The GNU-Mailman Integration WordPress plugin (versions up to and including 1.0.6) was identified with a Reflected Cross-Site Scripting vulnerability (CVE-2021-38354). The vulnerability was discovered and disclosed on September 9, 2021, affecting the gm_error parameter in the ~/includes/admin/mailing-lists-page.php file (NVD, WPScan).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required (NVD).

The vulnerability allows attackers to inject arbitrary web scripts through the gm_error parameter, potentially leading to the execution of malicious JavaScript code in users' browsers. This could result in theft of sensitive information, session hijacking, or other client-side attacks (WPScan).

No known fix has been identified for this vulnerability as per the available information. Users of the GNU-Mailman Integration WordPress plugin should consider updating to a newer version if available or implementing alternative solutions (WPScan).