Impact
The vulnerability is a Cross‑Site Request Forgery (CSRF) flaw that leads to stored Cross‑Site Scripting in the admin interface. A state‑changing request handled by the Knowledge Base Maker plugin is accepted without a check that the request was intentionally submitted (in WordPress terms, a nonce or equivalent origin check), so an attacker can cause a logged‑in administrator's browser to submit attacker‑chosen input on the administrator's behalf. That input, carrying JavaScript, is persisted in the plugin's data store and runs whenever an authenticated administrator views the affected page. Because the script executes inside the victim's browser and WordPress admin session, the attacker can exfiltrate sensitive data visible to that session or perform actions on the site with the victim's privileges. The root weakness is missing request validation (CWE‑352); the stored script is the consequence of that missing check.
Affected Systems
WordPress sites running the devfelixmoira Knowledge Base – Knowledge Base Maker plugin at version 1.1.8 or earlier are affected. The plugin is a WordPress extension for building and managing a knowledge base; the CNA entry lists the affected range as every release up to and including 1.1.8. No fixed version is named on this page, so any install at 1.1.8 or below should be treated as vulnerable until the plugin changelog confirms a release that addresses the issue.
Risk and Exploitability
The CVSS base score of 7.1 places this flaw in the high‑severity band. The EPSS score below 1% indicates a low predicted probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog, so no active exploitation has been confirmed. Those signals describe likelihood, not impact: inferred from the description, the attack path is a standard CSRF chain. The attacker needs a logged‑in administrator to open an attacker‑controlled page or link; the victim's browser then sends the forged request with the administrator's session cookies, and the plugin stores the payload because it never verified that the request was deliberately submitted. No privileges on the target site are required, but user interaction is. Once the payload is stored, the risk escalates: the script runs on every subsequent view of the affected admin page, so a single successful lure yields persistent script execution in the admin context without any further interaction from the attacker.
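As an added illustration of the weakness described in the Impact and Risk sections (not the Knowledge Base Maker plugin's own code; every name such as kbm_demo_save, kbm_demo_title and the kbm-demo admin page is hypothetical), the PHP below contrasts a WordPress admin handler that saves a value without any request validation against a hardened version. The vulnerable handler exhibits both halves of the chain: the missing nonce lets a cross‑origin form submit on the administrator's behalf (CWE‑352), and the stored value is echoed unescaped, which is what turns the forged write into stored XSS.

```php
<?php
// Hypothetical WordPress admin handlers illustrating CSRF leading to stored XSS.
// This is NOT the Knowledge Base Maker plugin's code; all names are invented.

// --- Vulnerable pattern ----------------------------------------------------
// Any POST to admin-post.php?action=kbm_demo_save_vuln that arrives with an
// administrator's session cookies is processed. There is no nonce, so a form
// on an attacker-controlled origin can submit it from the admin's browser.
add_action( 'admin_post_kbm_demo_save_vuln', function () {
    $title = isset( $_POST['kbm_demo_title'] ) ? wp_unslash( $_POST['kbm_demo_title'] ) : '';
    update_option( 'kbm_demo_title', $title );          // stored exactly as received
    wp_safe_redirect( admin_url( 'admin.php?page=kbm-demo' ) );
    exit;
} );

function kbm_demo_render_vuln() {
    // Unescaped output: a stored <script> tag runs for every admin who views the page.
    echo '<h2>' . get_option( 'kbm_demo_title', '' ) . '</h2>';
}

// --- Hardened pattern ------------------------------------------------------
add_action( 'admin_post_kbm_demo_save', function () {
    // 1. Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }

    // 2. Nonce check: the request must carry a token bound to this action and
    //    the current user's session. A cross-origin page cannot read that
    //    token, so a forged request stops here (check_admin_referer() dies
    //    on failure).
    check_admin_referer( 'kbm_demo_save', 'kbm_demo_nonce' );

    // 3. Sanitise on input: strip tags, control characters and surrounding whitespace.
    $title = isset( $_POST['kbm_demo_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['kbm_demo_title'] ) )
        : '';
    update_option( 'kbm_demo_title', $title );

    wp_safe_redirect( admin_url( 'admin.php?page=kbm-demo' ) );
    exit;
} );

function kbm_demo_render() {
    $title = get_option( 'kbm_demo_title', '' );

    // 4. Escape on output: even if a raw value reached the options table through
    //    some other path (older data, an import), it cannot execute as script here.
    echo '<h2>' . esc_html( $title ) . '</h2>';

    // The legitimate form embeds the nonce that the handler above verifies.
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'kbm_demo_save', 'kbm_demo_nonce' );
    echo '<input type="hidden" name="action" value="kbm_demo_save">';
    echo '<input type="text" name="kbm_demo_title" value="' . esc_attr( $title ) . '">';
    echo '<button type="submit">Save</button>';
    echo '</form>';
}
```

When reviewing a plugin for this class of bug, look for every `admin_post_*`, `admin_init` or AJAX handler that writes to the database and confirm it calls `check_admin_referer()` or `wp_verify_nonce()` and a `current_user_can()` check before the write; then follow each stored value to its output and confirm it passes through `esc_html()`, `esc_attr()` or `wp_kses()`. Either half alone blocks this particular chain; both together are the expected baseline.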
OpenCVE Enrichment