The xdark Easy Related Posts plugin versions up to 2.0.2 contain a CSRF vulnerability that enables stored XSS attacks. An attacker can trick an authenticated user into submitting a crafted request, which the plugin processes without proper verification, resulting in malicious script storage. This can lead to partial compromise of user data and site integrity. The vulnerability is remotely exploitable without privileges but requires user interaction. No patch or official remediation guidance is currently provided by the vendor.

Successful exploitation can lead to stored XSS, allowing attackers to execute arbitrary scripts in the context of the affected site. This can compromise user confidentiality and integrity and potentially affect availability. The vulnerability requires user interaction but no privileges, making it accessible to remote attackers. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider disabling the plugin or restricting its use to trusted users only. Implementing web application firewall (WAF) rules to detect and block CSRF attempts may provide temporary mitigation. Monitor official vendor channels for updates and apply patches promptly once released.