This vulnerability in the Super Store Finder plugin for WordPress (versions ≤ 6.9.7) involves improper input sanitization during web page generation, allowing an attacker to inject and execute arbitrary scripts (cross-site scripting). The CVSS 3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability. No patch or official fix information is provided in the available data.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to data disclosure, modification, or disruption of availability. The vulnerability impacts confidentiality, integrity, and availability as indicated by the CVSS vector. However, no known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with this plugin and consider disabling or restricting its use to trusted users only. Monitor vendor channels for updates or patches addressing this vulnerability.