This vulnerability, identified as CWE-79, involves improper neutralization of input in the Quick Interest Slider plugin for WordPress.com, allowing unauthenticated cross-site scripting (XSS) attacks. The affected versions are up to 3.1.6 inclusive. The CVSS 3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. The impacts include limited confidentiality, integrity, and availability losses. No vendor advisory or patch information is available at this time.

An unauthenticated attacker can exploit this XSS vulnerability to execute arbitrary scripts in the context of the affected web application. This may lead to partial compromise of user data confidentiality, integrity, and availability. The scope of impact extends beyond the vulnerable component due to the scope change indicated in the CVSS vector. However, no known exploits in the wild have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider restricting access to the affected plugin or disabling it if feasible to reduce exposure. Monitor official WordPress.com and Quick Interest Slider plugin channels for updates.