The vulnerability CVE-2025-46466 affects the felixtz Modern Polls plugin (versions <= 1.0.10) and is classified as a Cross-Site Request Forgery (CSRF) issue that enables stored Cross-Site Scripting (XSS). An attacker could exploit this by tricking an authenticated user into submitting a crafted request, resulting in malicious script storage and execution within the application context. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability.

Successful exploitation could allow an attacker to execute stored XSS attacks by leveraging CSRF to submit unauthorized requests on behalf of authenticated users. This can lead to session hijacking, defacement, or other malicious actions within the affected application. The impact is rated as high severity based on the CVSS score, but there are no known active exploits in the wild currently.

No official patch or remediation guidance is currently available for this vulnerability. Users of felixtz Modern Polls should monitor the vendor's advisories for updates and apply any future patches promptly. Until a fix is released, consider disabling or restricting access to the affected plugin to reduce risk.