This vulnerability in HT Builder – WordPress Theme Builder for Elementor (<= 1.3.0) involves improper input neutralization during web page generation, leading to stored cross-site scripting (XSS). An attacker could inject malicious scripts that are stored and later executed in the browsers of users who view the affected content. The CVSS vector indicates the attack requires network access, low attack complexity, privileges, and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low-medium. No patch or official fix information is currently available.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of affected users, potentially leading to information disclosure, modification of content, or disruption of availability. The medium severity reflects moderate risk due to the requirement for user interaction and some privileges. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting privileges of users who can input content and apply standard WordPress security best practices relevant to XSS mitigation. Monitor vendor channels for updates regarding patches or official mitigations.