This vulnerability in Lenderd Mortgage Calculators WP arises from improper neutralization of input during web page generation, classified as CWE-79 (Cross-site Scripting). It allows stored XSS attacks, which can execute malicious scripts in the context of the affected web application. The issue affects versions through 1.56. The CVSS v3.1 base score is 6.5, reflecting network attack vector, low attack complexity, required privileges, user interaction, and partial impacts on confidentiality, integrity, and availability. No patch or official remediation level has been published yet.

Successful exploitation of this stored XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of users interacting with the vulnerable plugin, potentially leading to partial disclosure of information, modification of data, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or limiting use of the affected plugin and apply web application firewall (WAF) rules to detect and block XSS payloads where possible. Monitor vendor channels for updates regarding patches or official mitigations.