This vulnerability (CWE-79) in AdTribes.io Product Feed PRO for WooCommerce allows an attacker to inject malicious scripts via reflected input that is not properly sanitized during web page generation. The affected versions include all releases up to 13.2.5. The CVSS 3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. The impact includes limited confidentiality, integrity, and availability loss. No vendor advisory or patch information is currently available.

Successful exploitation of this reflected XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of sensitive information, modification of data, or disruption of service. The CVSS vector indicates the attack can be performed remotely without privileges but requires user interaction. The scope change indicates the vulnerability affects resources beyond the initially vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting exposure by restricting access to the affected plugin or disabling it if feasible. Monitor official AdTribes.io channels for updates and apply patches promptly once available.