The WP Odoo Form Integrator plugin for WordPress, versions up to 1.1.0, contains a CSRF vulnerability that enables stored XSS attacks. An attacker can exploit this by tricking an authenticated user into submitting a crafted request, which results in malicious script storage and potential execution in the context of the affected site. The vulnerability has a CVSS 3.1 base score of 7.1, reflecting its high impact on confidentiality, integrity, and availability with a network attack vector and requiring user interaction.

Successful exploitation of this vulnerability can lead to stored XSS, allowing attackers to execute arbitrary scripts in the context of the victim's browser. This can result in session hijacking, defacement, or other malicious actions impacting confidentiality, integrity, and availability of the affected system. The vulnerability requires user interaction but no privileges, increasing the risk for site users.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider disabling or removing the WP Odoo Form Integrator plugin or implementing additional CSRF protections such as verifying request origins and using anti-CSRF tokens where possible.