This vulnerability in demixpress (dp) AddThis plugin allows an attacker to inject and store malicious scripts due to improper input sanitization during web page generation. When a victim loads the affected page, the stored script executes, potentially leading to information disclosure, session hijacking, or other impacts consistent with stored XSS. The issue affects all versions up to 1.0.2. The CVSS 3.1 vector indicates network attack vector, low attack complexity, requires privileges and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low and low respectively.

Successful exploitation can lead to execution of arbitrary scripts in the context of the affected web application, potentially allowing attackers to steal user credentials, perform actions on behalf of users, or disrupt application availability. The impact is rated medium severity based on the CVSS score of 6.5. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting the use of the (dp) AddThis plugin to prevent exploitation. Implementing web application firewalls (WAF) with XSS filtering may provide temporary mitigation. Monitor vendor channels for updates and apply patches promptly once released.