CVE-2021-38355: 
WordPress vulnerability analysis and mitigation

The Bug Library WordPress plugin (versions up to and including 2.0.3) was identified with a Reflected Cross-Site Scripting vulnerability, tracked as CVE-2021-38355. The vulnerability was discovered and reported by Wordfence security researchers, with the initial CVE assignment date of August 9, 2021 (CVE MITRE).

The vulnerability exists in the successimportcount parameter within the ~/bug-library.php file, which allows attackers to inject arbitrary web scripts. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. It is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The vulnerability could allow attackers to inject and execute malicious web scripts in the context of the affected WordPress site. This could potentially lead to theft of sensitive information or manipulation of web content when a user interacts with the injected scripts (NVD).

Users of the Bug Library WordPress plugin should upgrade to a version newer than 2.0.3 to address this vulnerability (Wordfence Advisory).