This vulnerability in ChillPay WooCommerce (<= 2.5.3) involves improper neutralization of input during web page generation, resulting in stored cross-site scripting (XSS). An attacker can inject malicious scripts that persist and execute in the context of users' browsers when they view affected pages. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability at low to low levels respectively.

Successful exploitation of this stored XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of affected users' browsers. This may lead to theft of sensitive information, session hijacking, or other malicious actions impacting confidentiality, integrity, and availability. The CVSS score of 7.1 reflects a high severity impact. However, no known exploits have been reported in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or limiting use of the affected ChillPay WooCommerce plugin versions and apply web application firewall (WAF) rules to detect and block XSS payloads where possible. Monitor vendor channels for updates and apply patches promptly once released.