This vulnerability in the Global Meta Keyword & Description plugin allows an attacker to exploit CSRF to inject stored XSS payloads. The affected versions are from an unspecified initial version through 2.3. The CVSS 3.1 base score is 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. The impact includes partial loss of confidentiality, integrity, and availability. No known exploits in the wild or vendor advisories with patch information are currently available.

Successful exploitation can allow attackers to execute stored XSS via CSRF, potentially leading to unauthorized actions performed in the context of an authenticated user. This can compromise user data confidentiality, integrity of the application data, and availability of affected functions.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is available, users should consider disabling or removing the affected plugin or applying any recommended temporary mitigations from the vendor. Monitor for updates from the vendor or trusted security sources.