The wpwox Custom Script Integration plugin versions up to 2.1 contain a CSRF vulnerability that enables stored XSS attacks. This means that an attacker can trick an authenticated user into submitting a forged request that leads to malicious scripts being stored and executed in the context of the affected application. The vulnerability has a CVSS 3.1 base score of 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability could allow an attacker to execute stored malicious scripts within the context of the affected application, potentially leading to data disclosure, modification, or disruption of service. The CSRF nature means that the attacker must trick a user into performing an action, but no privileges are required to initiate the attack. The impact affects confidentiality, integrity, and availability at a low level each.

No official patch or remediation guidance is currently available for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, users should consider disabling or limiting use of the affected plugin and apply standard CSRF protections if possible.