The vulnerability is a persistent cross‑site scripting flaw, identified as CWE‑79, that allows attackers who are authenticated as administrators to inject arbitrary JavaScript through unsanitized input fields on the plugin’s settings page. When the malicious code is stored and later rendered by the application, it executes in the context of an administrative user, effectively granting the attacker the same level of control over the site as a legitimate administrator, leading to privilege escalation and potential exposure of sensitive data or further compromise of the hosting environment.

The flaw exists in Powie’s WHOIS Domain Check plugin, specifically version 0.9.31. The plugin is commonly used within WordPress sites to perform WHOIS lookups and display domain information. Only installations running this exact version are affected; newer or earlier releases are not impacted to the extent described.

The CVSS score of 5.1 indicates a moderate severity, but the fact that the exploit requires an authenticated administrator means the attacker must first gain legitimate access or have existing administrative credentials. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting that widespread exploitation has not been observed yet. The attack path requires the victim to possess an admin role on the WordPress site, visit the vulnerable settings page, and submit a malicious payload, which is then stored and executed when the page is rendered. Once the script runs, the attacker can perform actions with the site's privileges.