The jd7777 Bible Embed plugin versions up to 0.0.4 contain a CSRF vulnerability that enables stored XSS attacks. An attacker can exploit this by tricking an authenticated user into submitting a crafted request, which results in malicious scripts being stored and executed in the context of the affected application. The vulnerability is network exploitable without privileges but requires user interaction. The CVSS vector indicates low attack complexity, no privileges required, but user interaction is necessary, and the impact affects confidentiality, integrity, and availability at a low level.

Successful exploitation of this vulnerability can lead to stored XSS, which may allow attackers to execute arbitrary scripts in users' browsers, potentially leading to session hijacking, defacement, or other malicious actions. The confidentiality, integrity, and availability impacts are rated as low but combined justify a high severity rating. No known exploits in the wild have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is available, users should consider disabling or removing the vulnerable plugin to mitigate risk. Implementing standard CSRF protections and input sanitization may reduce exposure but are not confirmed as effective for this specific issue.