This vulnerability in the Johnny Post List Featured Image plugin (versions ≤ 0.5.9) allows stored cross-site scripting due to improper input neutralization during web page generation. An attacker could inject malicious scripts that are stored and later executed in the context of users viewing the affected pages. The CVSS score of 6.5 reflects the network attack vector with low attack complexity, requiring low privileges and user interaction, and impacts confidentiality, integrity, and availability to a limited extent. No patch or official fix information is provided in the available data.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users' browsers, potentially leading to information disclosure, session hijacking, or other client-side impacts. The vulnerability affects confidentiality, integrity, and availability at a low level. There are no known active exploits reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin version or applying any available vendor recommendations. Monitor vendor channels for updates regarding patches or mitigations.