The vulnerability is a stored cross‑site scripting (XSS) flaw caused by improper neutralization of input in the Table of Contents Block plugin. An attacker could store malicious script payloads that are later rendered on webpages, enabling malicious code execution in the context of a user who views the affected page. This weakness corresponds to CWE‑79 and directly compromises application integrity and user confidentiality by allowing arbitrary code execution in the victim’s browser. The impact extends across all users who load pages containing the vulnerable block.

Affected systems are WordPress installations running the Table of Contents Block plugin from its initial release through version 1.0.2. The plugin is authored by Achal Jain. Any WordPress site that has the plugin installed and whose version is 1.0.2 or earlier is susceptible. No specific WordPress core versions are enumerated as affected, so any compatible WordPress setup could be at risk if the plugin is present.

The CVSS score of 6.5 indicates moderate severity; the EPSS score of less than 1% signals a low likelihood of exploitation in the wild at this time. The vulnerability is not listed in the CISA KeV catalog, further suggesting limited exploitation activity. Based on the description, the likely attack vector is via any input mechanism provided by the plugin where user supplied data becomes embedded in the page. An attacker with access to create or edit blocks (typically an administrator or editor role) could inject scripts that later run in the browsers of visitors to pages containing the block. Because the flaw stores the payload, a single successful injection can persist until the data is removed or the plugin is updated. Mitigation is straightforward by disabling the vulnerable plugin or applying an official update that removes the XSS vector.