This vulnerability in Compact WP Audio Player (up to version 1.9.9) is due to improper input sanitization during web page generation, classified as CWE-79 (Cross-site Scripting). It allows stored XSS attacks, where malicious scripts can be injected and persist in the application. The CVSS 3.1 vector indicates the attack requires network access, low attack complexity, low privileges, and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low-medium. No official fix or vendor advisory is currently available, and the plugin is not a cloud service, so remediation depends on the vendor releasing an update.

Successful exploitation allows an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to theft of user data, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability. The impact is rated medium severity with partial impact on all three security properties. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is released, users should consider restricting plugin usage to trusted users only and monitor for suspicious activity. Avoid exposing the plugin to untrusted users or inputs. No official fix or temporary workaround has been provided yet.