The sevenspark Bellows Accordion Menu plugin versions up to 1.4.3 suffer from a stored cross-site scripting vulnerability due to improper input neutralization during web page generation. This vulnerability allows an attacker with low privileges to inject malicious scripts that execute when a user interacts with the affected component. The CVSS 3.1 vector indicates network attack vector, low attack complexity, privileges required, user interaction required, and impacts on confidentiality, integrity, and availability classified as low to low to low respectively. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to limited disclosure of information, modification of data, or disruption of service. The impact is rated medium severity based on the CVSS score of 6.5. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting privileges to trusted users and exercising caution with user-generated content in the affected plugin. Monitor vendor communications for updates on patches or official mitigations.