The leroysabrina Simple Social Share Block plugin versions up to 1.0.0 contain a stored cross-site scripting vulnerability due to improper input neutralization during web page generation. This vulnerability allows an attacker with low privileges and requiring user interaction to inject malicious scripts that execute in the context of other users, potentially compromising confidentiality, integrity, and availability of affected systems. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, low privileges required, user interaction needed, and partial impact on confidentiality, integrity, and availability. No patch or official fix has been published by the vendor as of the provided data.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of users visiting the affected web pages, potentially leading to partial disclosure of sensitive information, modification of data, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the Simple Social Share Block plugin if feasible. Additionally, applying web application firewall (WAF) rules to detect and block XSS payloads may provide temporary mitigation. Monitor vendor channels for updates regarding patches or official fixes.