Impact
This vulnerability is a stored cross‑site scripting (XSS) flaw in Powie's Uptime Robot WordPress plugin, allowing arbitrary JavaScript to be injected into page output. The flaw results from the plugin not properly neutralizing user‑supplied input before it is rendered in a browser. As a result, code entered through the plugin can persist in the site’s data and later be executed whenever a page containing that data is viewed.
Affected Systems
All releases of Powie's Uptime Robot up to and including version 0.9.7 are affected. The product is delivered via the WordPress plugin “Powie's Uptime Robot” from vendor PowieT. WordPress sites that have installed any version of the plugin through 0.9.7 remain vulnerable; no finer version details are provided by the vendor.
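An inventory check for the affected range above, as an added example that is not part of the advisory or the plugin's code. It assumes a standard `wp-content/plugins` layout and that the plugin's header name contains "Powie" and "Uptime Robot"; the folder names and the 0.9.10 build in `demo()` are constructed.

```python
import re, tempfile
from pathlib import Path

AFFECTED_MAX = (0, 9, 7)  # from the advisory: every release through 0.9.7
# Same header-line shape WordPress uses when it reads a plugin's main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.M | re.I)

def parse_version(text):
    """'0.9.10' -> (0, 9, 10); trailing zeros dropped so 0.9.7.0 == 0.9.7."""
    nums = [int(m.group()) if (m := re.match(r"\d+", p)) else 0
            for p in text.strip().split(".")]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def read_headers(php_file):
    """Parse header fields from the first 8 KB of a plugin file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, val in HEADER.findall(head):
        val = re.sub(r"\s*(?:\*/|\?>).*", "", val).strip()
        fields.setdefault(key.lower(), val)
    return fields

def find_affected(plugins_dir):
    """Return [(relative path, version)] for copies at or below 0.9.7."""
    base, hits = Path(plugins_dir), []
    for php in sorted(base.glob("*/*.php")):
        fields = read_headers(php)
        name = fields.get("plugin name", "").lower()
        # Assumption: the header name contains these words; the slug is unknown.
        if "powie" in name and "uptime robot" in name:
            version = fields.get("version", "0")  # no Version header: flag it
            if parse_version(version) <= AFFECTED_MAX:
                hits.append((php.relative_to(base).as_posix(), version))
    return hits

def demo():
    """Constructed tree: one affected copy and one hypothetical later build."""
    root = Path(tempfile.mkdtemp())
    for folder, ver in (("pur-old", "0.9.7"), ("pur-new", "0.9.10")):
        (root / folder).mkdir()
        (root / folder / "pur.php").write_text(
            f"<?php\n/*\n * Plugin Name: Powie's Uptime Robot\n * Version: {ver}\n */\n")
    return find_affected(root)
```

Versions are compared numerically per component, so 0.9.10 sorts above 0.9.7 where a plain string comparison would not.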
Risk and Exploitability
The CVSS score of 5.9 places the flaw at medium severity, and the EPSS score of <1% indicates a low likelihood of real‑world exploitation at the time of this analysis. The flaw is not currently listed in the CISA KEV catalog, suggesting no known widespread exploitation. Typical exploitation would involve an attacker supplying malicious content via the plugin’s input interface, which is stored without sanitization and later rendered, allowing the code to run in end‑user browsers. The attack is remote and requires the ability to submit data that is preserved by the plugin.