This vulnerability in Autoglot – Automatic WordPress Translation plugin (versions ≤ 2.4.7) involves improper neutralization of input during web page generation, resulting in reflected cross-site scripting (XSS). An attacker can craft a malicious URL or input that causes the plugin to reflect and execute arbitrary scripts in the victim's browser. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability. The vulnerability is published but no patch or official fix has been documented in the provided data.

Successful exploitation of this reflected XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to theft of user data, session hijacking, or other malicious actions. The impact is rated as limited confidentiality, integrity, and availability loss. There are no known exploits in the wild currently. The vulnerability affects the plugin's users who have versions up to 2.4.7 installed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the vulnerable plugin or applying any recommended temporary mitigations from the vendor. Monitoring for updates from the vendor or security advisories is advised.