The PDF Catalog Woocommerce plugin by theme funda suffers from a DOM-based Cross-site Scripting vulnerability due to improper input neutralization during web page generation. This affects all versions up to and including 2.0. The vulnerability has a CVSS 3.1 base score of 6.5, indicating a medium severity level. Exploitation requires network access, low attack complexity, low privileges, and user interaction, with a scope change and partial impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently provided.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of sensitive information, modification of data, or disruption of service. The impact is limited by the requirement for user interaction and low privileges, but the scope change indicates the vulnerability affects components beyond the initially vulnerable code.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider limiting exposure by restricting access to the affected plugin and monitoring for suspicious activity related to DOM-based XSS. Avoid enabling untrusted user input in contexts that generate web pages. No official patch or workaround has been published at this time.