This vulnerability in codingkart's Woo Update Variations In Cart plugin (versions up to 0.0.9) involves improper neutralization of input during web page generation, leading to stored cross-site scripting (XSS). An attacker with low privileges and requiring user interaction could exploit this to execute arbitrary scripts in the context of affected users, potentially impacting confidentiality, integrity, and availability. The CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, reflecting network attack vector, low attack complexity, low privileges required, user interaction needed, scope changed, and low impact on confidentiality, integrity, and availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users interacting with the vulnerable plugin, potentially leading to limited disclosure of information, modification of data, or disruption of service. The impact is rated as medium severity with partial impact on confidentiality, integrity, and availability. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the affected plugin and monitor for suspicious activity. Avoid interacting with untrusted input in the plugin's context. Follow vendor updates closely for any released patches or official mitigations.