This vulnerability (CWE-862) in Ali2Woo Lite arises from missing authorization checks caused by incorrectly configured access control security levels. It allows an attacker with some privileges to exploit stored XSS, potentially leading to unauthorized actions affecting the application. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, required privileges, user interaction, and impacts on confidentiality, integrity, and availability. The affected versions include all versions up to 3.3.5.

Exploitation of this vulnerability can lead to unauthorized access or actions within the Ali2Woo Lite plugin, including stored XSS attacks that may compromise user data confidentiality, integrity, and availability. The CVSS score indicates a medium level of risk. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor vendor communications for updates and consider restricting access privileges to minimize risk. No vendor-provided mitigation or temporary fix is currently documented.