This vulnerability involves improper neutralization of input in the codepeople Payment Form for PayPal Pro plugin, leading to stored cross-site scripting (XSS). The issue affects versions up to 1.1.72 and allows attackers to inject malicious scripts that persist on the affected web pages, potentially impacting users who access those pages. The vulnerability is classified as stored XSS, which can lead to session hijacking, defacement, or other client-side attacks if exploited. There is no CVSS score assigned, no known exploits in the wild, and no patch or remediation information currently available. The product is not a cloud service, so remediation depends on vendor updates or user-applied patches.

Successful exploitation of this stored XSS vulnerability could allow attackers to execute arbitrary scripts in the context of users' browsers when they visit affected pages. This may lead to theft of user credentials, session tokens, or other sensitive information accessible via the browser. However, there are no known active exploits reported. The impact is limited to environments using the vulnerable versions of the Payment Form for PayPal Pro plugin.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying input validation or output encoding workarounds if feasible. Monitoring vendor communications for updates is recommended. No vendor advisory or official fix information is currently provided.