The Botnet Attack Blocker plugin for WordPress contains a stored cross‑site scripting flaw that arises from improper sanitization of user input when generating web pages. An attacker who can insert malicious script into the plugin’s data store can have that script executed in the browsers of visitors who view the affected content, potentially leading to session hijacking, credential theft, or defacement. The weakness corresponds to CWE‑79.

The flaw affects any installation of the Botnet Attack Blocker plugin version 2.0.0 or earlier. Users of WordPress sites that have installed the plugin from cheesefather and have not upgraded beyond version 2.0.0 are vulnerable.

With a CVSS score of 6.5 the vulnerability is considered moderate severity, but the EPSS score is below 1 %, indicating a very low likelihood of exploitation under current observed conditions. The flaw is not listed in the CISA KEV catalog. The attack vector likely involves a malicious user gaining access to the plugin’s data entry interface or exploiting any user‑controlled input fields that the plugin does not properly sanitize. An attacker could inject arbitrary scripting code that would persist until removed and then run in the context of any visiting user’s browser.