The dactum Clickbank WordPress Plugin (Niche Storefront) contains a CSRF vulnerability that enables attackers to execute stored XSS attacks by tricking authenticated users into submitting unauthorized requests. This affects all versions up to 1.3.5. The vulnerability has a CVSS 3.1 score of 7.1, reflecting its high severity due to the combination of network accessibility, low complexity, and the potential for confidentiality, integrity, and availability impacts. No known exploits in the wild or official patches have been documented in the provided data.

Successful exploitation can lead to stored XSS, which may allow attackers to execute arbitrary scripts in the context of the victim's browser, potentially compromising user data, session tokens, or performing actions with the victim's privileges. The CSRF aspect means attackers can induce authenticated users to perform unwanted actions without their consent. The overall impact affects confidentiality, integrity, and availability to a limited extent as per the CVSS vector.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin or applying any recommended temporary mitigations from the vendor. Monitoring official dactum or WordPress plugin security channels for updates is advised.