The Simple Travel Map plugin version 0.1 and earlier contains a CSRF vulnerability that can be exploited to inject stored XSS payloads. This vulnerability enables attackers to trick authenticated users into executing unwanted actions, which may result in persistent malicious scripts being stored and executed within the application context. The CVSS 3.1 score of 7.1 reflects network attack vector, low attack complexity, no privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability with scope changed.

Successful exploitation of this vulnerability can lead to stored XSS attacks, allowing attackers to execute arbitrary scripts in the context of authenticated users. This can compromise user data confidentiality, integrity, and availability of the affected application. The CSRF aspect means attackers can induce users to perform unintended actions without their consent, potentially escalating the impact.

No official patch or remediation has been disclosed by the vendor at this time. Users should monitor the vendor's advisory channels for updates. Until a fix is available, consider implementing additional CSRF protections such as verifying anti-CSRF tokens and restricting actions to trusted users. Avoid using affected versions in sensitive environments.