The CF7 WOW Styler plugin for WordPress, developed by Saleswonder Team: Tobias, contains a reflected XSS vulnerability due to improper neutralization of script-related HTML tags in web pages. This vulnerability affects all versions up to 1.6.8 and allows an attacker to inject malicious scripts that execute when a user interacts with crafted input. The CVSS 3.1 score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. No patch or mitigation details are currently available from the vendor or advisory sources.

Successful exploitation of this reflected XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser session. This may lead to partial disclosure of sensitive information, modification of displayed content, or disruption of availability. The CVSS vector indicates that the attack can be performed remotely without privileges but requires user interaction. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or removing the CF7 WOW Styler plugin if feasible. Additionally, applying web application firewall (WAF) rules that detect and block reflected XSS payloads may provide temporary protection. Monitor vendor channels for updates on patches or official mitigations.