Impact
This flaw is an instance of Improper Neutralization of Input During Web Page Generation, commonly referred to as Cross‑Site Scripting (XSS). It enables an attacker to store malicious script code within the Porn Videos Embed plugin's content fields. When the stored content is rendered on a WordPress page, the injected script runs in the context of the visitor's browser, which could lead to credential theft, session hijacking, or further client‑side attacks. The impact is confined to the website's audience and does not allow direct compromise of the underlying server or operating system.
Affected Systems
The vulnerability affects the Porn Videos Embed plugin, supplied by perteus, in all releases from the first available version through 0.9.1 inclusive. WordPress installations running any of these versions and allowing administrators or content authors to embed videos or custom HTML via the plugin are at risk. Sites without the plugin, or with later versions, are not affected.
Risk and Exploitability
The CVSS score of 6.5 denotes moderate severity. The EPSS score is reported as < 1%, indicating a low likelihood of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker would need access to the WordPress backend, or to a feature that allows content injection, in order to place the stored payload. Once the payload is stored, any user who visits a page rendering that content is exposed to the XSS, so the payload's reach is as wide as the site's audience.
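As an added illustration (not code from the plugin or its author), the following PHP shows the pattern the Impact section describes: a renderer that echoes a stored content field verbatim into the page, beside a hardened renderer that stores only a video URL, validates it against an allowlist of embed hosts, and escapes it for the HTML attribute context, plus a text-context escaper for a caption field. The host names, stored values and function names are assumptions made for the example; a real WordPress plugin would use esc_url(), esc_attr(), esc_html() or wp_kses() in place of the plain-PHP escaping shown here.

```php
<?php
// Added example, not the plugin's own code. Shows the stored-XSS pattern from
// the advisory: a stored content field echoed verbatim into a page, next to a
// hardened version that stores a URL instead of markup, validates it against an
// allowlist of embed hosts and escapes it for the HTML attribute context.
// Host names, stored values and function names are constructed for the example.

// Constructed stand-in for a value an author saved through the plugin's settings screen.
const STORED_EMBED_HTML = '<iframe src="https://video.example/embed/42"></iframe>'
    . '<script>injected()</script>';

// Hosts the hardened renderer will build an <iframe> for (constructed allowlist).
const ALLOWED_EMBED_HOSTS = ['video.example', 'www.video.example'];

// Vulnerable: the stored HTML reaches every visitor's browser unchanged, so any
// <script> or event-handler attribute the author saved runs in the visitor's session.
function render_embed_vulnerable(string $stored_html): string
{
    return '<div class="video-embed">' . $stored_html . '</div>';
}

// Hardened: accept only an https URL on an allowlisted host, then build the
// markup ourselves, so the stored value never supplies tags or attributes.
// (WordPress equivalents: esc_url() for the URL, esc_attr() for attribute values.)
function render_embed_hardened(string $stored_url): string
{
    $parts = parse_url($stored_url);
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || !in_array(strtolower($parts['host'] ?? ''), ALLOWED_EMBED_HOSTS, true)) {
        return ''; // not a video on an approved host: render nothing
    }
    // ENT_QUOTES escapes both quote characters, so the value cannot close src="...".
    $safe_src = htmlspecialchars($stored_url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="video-embed"><iframe src="' . $safe_src
        . '" width="640" height="360" allowfullscreen></iframe></div>';
}

// Free-text fields (a caption, a title) land in a text context and only need
// HTML escaping; they never need to carry markup. (WordPress equivalent: esc_html().)
function render_caption(string $stored_caption): string
{
    return '<p class="video-caption">'
        . htmlspecialchars($stored_caption, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Demonstration with the constructed values.
echo "vulnerable renderer:\n", render_embed_vulnerable(STORED_EMBED_HTML), "\n\n";
echo "hardened, approved host:\n", render_embed_hardened('https://video.example/embed/42'), "\n\n";
echo "hardened, attribute break-out attempt:\n",
    render_embed_hardened('https://video.example/embed/42" onload="injected()'), "\n\n";
echo "hardened, non-https scheme:\n[", render_embed_hardened('javascript:injected()'), "]\n\n";
echo "caption:\n", render_caption('<b>My</b> clip & <script>injected()</script>'), "\n";
```

Run it with `php example.php`. The vulnerable renderer emits the `<script>` element unchanged; the hardened renderer emits an `<iframe>` only for the approved https URL, prints nothing for the `javascript:` value, and turns the quote in the break-out attempt into `&quot;` so it stays inside the `src` attribute. Storing a URL rather than markup is what removes the need for an HTML sanitizer; if a plugin must accept raw embed markup, wp_kses() with an explicit allowlist of tags and attributes is the corresponding WordPress tool.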