This vulnerability in the Location Click Map plugin by Kiran Patil allows an attacker to inject and store malicious scripts due to improper input sanitization during web page generation. When a victim accesses the affected page, the stored script can execute, potentially leading to partial confidentiality, integrity, and availability impacts as indicated by the CVSS vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). The issue affects versions up to 1.0. No patch or official fix information is currently available.

Successful exploitation can lead to stored cross-site scripting attacks, which may allow an attacker to execute arbitrary scripts in the context of the victim's browser session. This can result in partial compromise of confidentiality, integrity, and availability of the affected system or user data. The CVSS score of 6.5 reflects a medium severity impact with network attack vector, low attack complexity, requiring low privileges and user interaction, and scope change.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting use of the Location Click Map plugin to mitigate risk. Applying web application firewall (WAF) rules to detect and block XSS payloads may provide temporary mitigation. Monitor vendor channels for updates and patches.