The sonalsinha21 SKT Blocks plugin suffers from a stored cross-site scripting vulnerability due to improper input neutralization during web page generation. This allows attackers with low privileges to inject malicious scripts that are stored persistently and executed in the context of other users' browsers. The vulnerability affects all versions up to 2.0. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) reflects network attack vector, low attack complexity, required privileges, and user interaction, with partial impact on confidentiality, integrity, and availability. No patch or vendor advisory information is currently available.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users' browsers, potentially leading to limited disclosure of information, modification of data, or disruption of service within the affected application. The impact is rated medium based on the CVSS score of 6.5. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should exercise caution with user-generated content and consider applying temporary mitigations such as input validation or output encoding if feasible. Monitor official sources for updates from the vendor sonalsinha21 regarding fixes.