The blueinstyle Advanced Tag Lists plugin versions up to 1.2 contain a CSRF vulnerability that enables stored XSS attacks. An attacker can exploit this by tricking an authenticated user into submitting a crafted request, leading to malicious script storage and execution. The vulnerability is network exploitable without privileges but requires user interaction. The CVSS vector indicates low attack complexity, no privileges required, but user interaction is necessary, and the impact affects confidentiality, integrity, and availability at a low level.

Successful exploitation can result in stored XSS, which may allow attackers to execute arbitrary scripts in the context of the affected application, potentially leading to data theft, session hijacking, or other malicious actions. The vulnerability impacts confidentiality, integrity, and availability to a limited extent as indicated by the CVSS metrics.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider disabling or restricting access to the affected plugin to reduce risk.