The Weaver Themes Shortcode Compatibility plugin for WordPress suffers from a stored cross-site scripting vulnerability due to improper input neutralization during web page generation. This vulnerability affects versions up to 1.0.4 and allows an attacker with low privileges to inject malicious scripts that can be executed in the context of other users, potentially leading to partial compromise of confidentiality, integrity, and availability. The CVSS 3.1 vector indicates network attack vector, low attack complexity, requiring privileges and user interaction, with a scope change and partial impacts on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of other users, potentially leading to information disclosure, modification of content, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting plugin usage to trusted users only and monitor for suspicious activity related to shortcode inputs. Avoid exposing the plugin's shortcode features to untrusted users. Follow updates from the vendor for an official patch or mitigation instructions.