The vulnerability is a CSRF flaw that permits an attacker to inject malicious script that is permanently stored by the Print Science Designer plugin. A compromised script executed in the context of a site visitor can expose sensitive information, deface the site, or hijack user sessions. The stored type of XSS means the attack payload remains on the site after the initial request and will affect all users who view the impacted content. The weakness is identified as CWE‑352, emphasizing the importance of correct CSRF protection and input validation.

Affected is the WordPress plugin Print Science Designer by John Weissberg. Any installation version up to 1.3.155 inclusive is vulnerable; newer releases are not listed as impacted. Site owners using this plugin should verify their installed version and update if necessary.

The vulnerability carries a CVSS score of 7.1, indicating moderately high severity, while the EPSS score of less than 1 % suggests exploitation is currently unlikely but not impossible. It is not listed in CISA’s KEV catalog, but the nature of the flaw permits arbitrary code execution in the context of authenticated users, so it is still a significant concern. Attackers would need to lure a legitimate user into visiting a crafted link or embed malicious content in a context that triggers the CSRF flaw; the attack vector is web‑based, relying on the normal administrative interface of the plugin.