Impact
The Posts Footer Manager plugin for WordPress has a stored Cross‑Site Scripting flaw caused by a failure to neutralize user input before it is rendered in a web page. The weakness, documented as CWE‑79, allows malicious script code to be injected through the plugin’s footer content form and then stored in the database. When other users visit any page that displays the stored footer, the script executes in their browser, giving an attacker the possibility of session hijacking, cookie theft, or defacement of the site. That exploitation requires an attacker to hold a valid account with permission to edit the footer content is inferred from the description, since the vulnerability involves input that is both stored and rendered to visitors.
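As an added illustration, not code from the Posts Footer Manager plugin (whose source the advisory does not show), the stand-alone PHP sketch below contrasts a footer echoed raw with one passed through output encoding; the footer store and the payload are constructed, and the WordPress function names in the comments are the usual equivalents rather than anything quoted from the plugin.

```php
<?php
// Added example (not the plugin's code): how a stored XSS in a footer field
// arises and how output encoding neutralizes it. Plain PHP so it runs
// stand-alone; in a WordPress plugin the equivalents are wp_kses_post() when
// saving the field and esc_html() or wp_kses_post() when printing it.

// Constructed "database row": footer content submitted through an edit form
// by an account that is allowed to edit the footer.
$stored_footer = 'Thanks for reading!<script>alert(1)</script>';

/** Vulnerable render: stored HTML is echoed into the page unchanged (CWE-79). */
function render_footer_unsafe(string $footer): string {
    return '<div class="post-footer">' . $footer . '</div>';
}

/**
 * Hardened render: treat the footer as text and encode every HTML
 * metacharacter, so a stored <script> tag becomes inert &lt;script&gt;.
 * If the footer legitimately needs markup (links, emphasis), use an
 * allowlist sanitizer such as wp_kses_post() instead of blanket escaping;
 * strip_tags() is not a substitute because it keeps event-handler attributes.
 */
function render_footer_safe(string $footer): string {
    $encoded = htmlspecialchars($footer, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="post-footer">' . $encoded . '</div>';
}

/** Detection helper for a test or review: is an active <script> tag still present? */
function contains_script_tag(string $html): bool {
    return stripos($html, '<script') !== false;
}

$unsafe = render_footer_unsafe($stored_footer);
$safe   = render_footer_safe($stored_footer);

echo 'Unsafe output still contains <script>: '
    . var_export(contains_script_tag($unsafe), true) . PHP_EOL;   // true
echo 'Safe output still contains <script>:   '
    . var_export(contains_script_tag($safe), true) . PHP_EOL;     // false
echo $safe . PHP_EOL;
```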
Affected Systems
All installations of Data443 Risk Mitigation, Inc. Posts Footer Manager for WordPress that are running version 2.2.0 or earlier are affected. The plugin can be deployed on any WordPress site that allows users to add or edit footer content, making the vulnerability present whenever the plugin is installed and not upgraded beyond the specified version.
Risk and Exploitability
The CVSS score of 5.9 indicates a moderate risk. The EPSS score of less than 1% suggests that, at present, exploitation is unlikely. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector involves an authenticated user submitting malicious payloads via the plugin’s footer content form, which are then stored and rendered to all site visitors.