Impact
The flaw is an improper neutralization of input during web page generation, resulting in reflected cross‑site scripting. An attacker can embed malicious JavaScript in a constructed URL or form input that the plugin displays without escaping. If a victim follows that link or submits that input, the injected code executes in the victim’s browser, enabling cookie theft, session hijacking, defacement, or delivery of further malware. The weakness is a classic "Reflected XSS" (CWE‑79).
Affected Systems
This vulnerability affects EditionGuard for WooCommerce – eBook Sales with DRM, a WordPress plugin sold by EditionGuard, for all releases up to and including version 3.4.2. Users running any of those versions are susceptible.
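To find affected installs on a host, the version range above can be checked against the plugin headers on disk. This is an added example, not code from the advisory or the plugin vendor. It assumes the standard `wp-content/plugins/<dir>/*.php` layout and that the plugin's `Plugin Name` header contains "EditionGuard"; the directory names in any output are whatever is found on disk.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (3, 4, 2)      # advisory: all releases up to and including 3.4.2
NAME_MARKER = "editionguard"   # assumption: appears in the "Plugin Name" header

# Same header style WordPress parses: optional comment chars, "Field: value".
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_plugin_header(php_text):
    """Extract 'plugin name' and 'version' from a plugin file's header comment."""
    fields = {}
    for key, value in HEADER_RE.findall(php_text[:8192]):  # WordPress reads the first 8 KB
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(version):
    """'3.4.2' -> (3, 4, 2); stops at the first non-numeric part, drops trailing zeros."""
    parts = []
    for piece in version.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version):
    """True for versions <= 3.4.2; an unparseable version is treated as affected."""
    return version_tuple(version) <= LAST_AFFECTED

def find_affected(plugins_dir):
    """Return [(plugin_directory, version)] for affected installs under plugins_dir."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php.read_text(encoding="utf-8", errors="replace"))
        name = header.get("plugin name", "")
        if NAME_MARKER in name.lower() and is_affected(header.get("version", "")):
            hits.append((php.parent.name, header.get("version", "")))
    return hits

if __name__ == "__main__":
    for slug, version in find_affected(sys.argv[1]):   # e.g. /var/www/html/wp-content/plugins
        print(f"affected: {slug} {version or '(version unknown)'}")
```

Run it with the plugins directory as the only argument; installs with a missing or unparseable `Version` header are reported as affected so they get a manual look.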
Risk and Exploitability
The CVSS score of 7.1 indicates moderate severity, while the EPSS score of less than 1 per cent suggests a low probability of exploitation in the current environment. The vulnerability is not listed in the CISA KEV catalog, implying no known active exploitation. The attack vector is inferred to be remote, through a crafted URL or form input that a victim could be tricked into visiting or submitting. Consequently, the risk remains moderate: a potential compromise of web content integrity and of user sessions.