Impact
The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by the IP Based Login plugin not properly neutralizing user input before rendering it in the web interface. An attacker can submit malicious JavaScript that the plugin saves and later executes in the browser of anyone who views the affected page, potentially allowing session hijacking, cookie theft, or defacement of the site. This weakness is classified as CWE-79.
Affected Systems
The fault resides in the WordPress plugin "IP Based Login" developed by brijeshk89. All plugin releases up to and including version 2.4.3 are vulnerable; versions released after 2.4.3 are presumed corrected.
Risk and Exploitability
The CVSS score of 5.9 indicates moderate severity. The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is web-based: an attacker crafts input through the plugin's interface that gets stored and later served to users. Because the flaw is stored XSS, the attacker must be able to submit input via the plugin (typically through an administrative account or a compromised user account) before another user loads the affected page. When successful, the impact is confined to the browsers of those users and could result in data theft, credential compromise, or site defacement.
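The following is an added illustration of the CWE-79 pattern described in the Impact and Risk sections, not code from the IP Based Login plugin: a WordPress settings value that is stored and echoed unescaped, beside the corrected version that checks capability and nonce, sanitizes on input and escapes for the output context. The option name, field name and nonce action are hypothetical.

```php
<?php
// Illustrative only: NOT the IP Based Login plugin's code. Option/field/nonce
// names ('ibl_demo_*') are hypothetical placeholders for a plugin setting.

// --- Vulnerable pattern -----------------------------------------------------
// Raw request data is persisted and later echoed into HTML without escaping,
// so a stored payload runs in the browser of every user who opens the page.
function vuln_save_setting() {
    if ( isset( $_POST['ibl_demo_label'] ) ) {
        update_option( 'ibl_demo_label', wp_unslash( $_POST['ibl_demo_label'] ) );
    }
}
function vuln_render_setting() {
    $label = get_option( 'ibl_demo_label', '' );
    echo '<p>' . $label . '</p>';                                   // unescaped
    echo '<input name="ibl_demo_label" value="' . $label . '">';    // unescaped
}

// --- Hardened pattern -------------------------------------------------------
// 1. Only an authorised, nonce-protected request may change the value.
// 2. Sanitise on input (sanitize_text_field strips tags and control chars).
// 3. Escape on output for the exact HTML context the value lands in.
add_action( 'admin_init', function () {
    // Settings API route: WordPress applies the callback before saving.
    register_setting( 'ibl_demo', 'ibl_demo_label', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
    ) );
} );
function safe_save_setting() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    if ( ! isset( $_POST['ibl_demo_nonce'] )
         || ! wp_verify_nonce( $_POST['ibl_demo_nonce'], 'ibl_demo_save' ) ) {
        return;
    }
    if ( isset( $_POST['ibl_demo_label'] ) ) {
        $clean = sanitize_text_field( wp_unslash( $_POST['ibl_demo_label'] ) );
        update_option( 'ibl_demo_label', $clean );
    }
}
function safe_render_setting() {
    $label = get_option( 'ibl_demo_label', '' );
    echo '<p>' . esc_html( $label ) . '</p>';                            // text node
    echo '<input name="ibl_demo_label" value="' . esc_attr( $label ) . '">'; // attribute
    wp_nonce_field( 'ibl_demo_save', 'ibl_demo_nonce' );
}
```

Escaping at output is the control that stops stored markup from executing; input sanitization and the capability/nonce checks reduce who can plant it in the first place.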