The starblank Custom Product Stickers for Woocommerce plugin versions up to 1.9.0 contain a reflected cross-site scripting vulnerability due to improper input neutralization during web page generation. This flaw allows attackers to inject malicious scripts that execute when a user interacts with crafted web content generated by the plugin. The vulnerability is remotely exploitable without privileges and requires user interaction. It impacts confidentiality, integrity, and availability as indicated by the CVSS vector. No patch or mitigation details are currently provided by the vendor or authoritative sources.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to theft of sensitive information, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability. The CVSS score of 7.1 reflects a high severity level. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is available, users should consider disabling or removing the affected plugin version if feasible. Avoid interacting with untrusted inputs or URLs that may trigger the vulnerability. Monitor vendor communications for updates on patches or mitigations.