The vulnerability is an improper neutralization of input during web page generation, allowing stored X‑SS scripts to be placed into content that WordPress displays. When a user views a page that includes this stored content, the browser will execute the injected script. This can enable an attacker to run arbitrary client‑side code, potentially affecting the confidentiality and integrity of information displayed to or handled by the site’s visitors.

Studio Hyperset’s The Great Firewords of China WordPress plugin is vulnerable for all releases from its initial version through 1.2 inclusive. Any WordPress installation that has a version of this plugin in that range is impacted. The Vulnerability Naming Authority identified the product as the Studio Hyperset The Great Firewords of China plugin.

The CVSS score of 6.5 classifies the issue as moderate severity. The EPSS score of less than 1% indicates a low probability of widespread exploitation, and the vulnerability is not listed in the CISA KEV catalog. Based on the description of a stored XSS flaw, it is inferred that an attacker with the ability to submit content to the plugin can embed malicious script that later becomes part of the rendered page. Anyone who accesses the affected page can have the script executed in their browser, presenting a risk proportional to the plugin’s audience size.