The Billy Bryant Tabs plugin (version 4.0.3 and earlier) contains a CSRF vulnerability that enables stored XSS attacks. This means an attacker can trick a user into submitting unauthorized requests that result in malicious script storage, potentially affecting users who view the compromised content. The vulnerability is remotely exploitable without privileges but requires user interaction. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impacts on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability can lead to stored XSS, allowing attackers to execute malicious scripts in the context of affected users. This can result in partial disclosure of information, modification of data, and disruption of service. The overall impact is rated as high due to the combination of CSRF and stored XSS, which can be leveraged to compromise user sessions or perform unauthorized actions.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider applying temporary mitigations such as disabling the affected plugin or restricting access to trusted users only.