This vulnerability involves improper input sanitization in the JC Custom Add to Cart Button Label and Link WooCommerce plugin, which allows stored cross-site scripting attacks. Attackers can inject malicious scripts that persist in the application and execute in the context of users' browsers when they view affected pages. The issue affects all versions up to 1.6.1. The CVSS 3.1 vector indicates network attack vector, low attack complexity, requiring privileges and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low to low respectively, resulting in an overall medium severity. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation could allow attackers to execute arbitrary scripts in the context of users' browsers, potentially leading to theft of sensitive information, session hijacking, or other malicious actions. The impact is rated medium based on the CVSS score of 6.5. There are no known exploits in the wild, and the vulnerability requires user interaction and some privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or removing the affected plugin version. Applying strict input validation or sanitization at the application level may reduce risk. Monitor vendor channels for updates and apply patches promptly once available.