This vulnerability in the weptile Mobile App for WooCommerce (versions ≤ 0.4.61) involves improper neutralization of input during web page generation, leading to stored cross-site scripting (XSS). An attacker can inject malicious scripts that persist and execute when viewed by users, potentially compromising confidentiality, integrity, and availability of the app environment. The CVSS 3.1 vector indicates the attack can be performed remotely without privileges but requires user interaction. There is no information about an official fix or patch, and the app is not a cloud service, so remediation depends on vendor updates.

Successful exploitation allows an attacker to execute arbitrary scripts in the context of the affected app, potentially leading to data disclosure, modification, or disruption of service. The vulnerability impacts confidentiality, integrity, and availability as indicated by the CVSS vector. No known exploits in the wild have been reported to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should exercise caution with untrusted input and avoid interacting with suspicious content within the app. Monitor official vendor channels for updates and apply patches promptly once released.