This vulnerability in themifyme Themify Shortcodes (<= 2.1.3) involves improper neutralization of input during web page generation, resulting in stored cross-site scripting (XSS). An attacker can inject malicious scripts that are stored and later executed in users' browsers when they view the affected pages. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, user interaction required, and impacts on confidentiality, integrity, and availability at low levels. No patch or vendor advisory information is currently provided.

Successful exploitation of this stored XSS vulnerability can allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to partial disclosure of sensitive information, modification of displayed content, or disruption of availability. The CVSS score of 6.5 reflects a medium severity impact affecting confidentiality, integrity, and availability to a limited extent. There are no known exploits in the wild reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting the use of Themify Shortcodes versions up to 2.1.3 or apply any recommended temporary mitigations from the vendor. Monitor for updates from themifyme regarding patches or official fixes.