CVE-2021-38354

Name of the Vulnerable Software and Affected Versions GNU-Mailman Integration WordPress plugin versions up to and including 1.0.6

Description The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm error parameter found in the ~/includes/admin/mailing-lists-page.php file, which allows attackers to inject arbitrary web scripts.

Recommendations For versions up to and including 1.0.6, update to a version later than 1.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the ~/includes/admin/mailing-lists-page.php file to minimize the risk of exploitation. Avoid using the gm error parameter in the affected file until the issue is resolved.