Impact
Improper neutralization of input during page generation results in a stored cross‑site scripting flaw in the Soli WP Post Signature plugin, versions 0.4.1 and earlier. A malicious actor can inject JavaScript through the plugin’s signature entry functionality; because the signature is stored and later rendered into the page without adequate encoding, the script runs in the browser of every visitor who views a page containing the compromised signature. This may enable session hijacking, data theft, defacement, or delivery of additional malware to site visitors. The description does not state whether the signature entry requires authentication; write access is inferred to be needed, which should be verified during assessment.
Affected Systems
The vulnerability affects the WP Post Signature plugin from its initial release up to and including version 0.4.1. Any WordPress site that has not upgraded past this version and continues to use the plugin is impacted.
Risk and Exploitability
A CVSS score of 5.9 places the flaw in the moderate severity range, and an EPSS score below 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation involves embedding malicious JavaScript through the plugin’s signature entry; once stored, it executes in the browsers of unauthenticated page viewers. Authentication requirements for the entry point are not explicitly stated in the description and are inferred; they should be verified during assessment.
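The two sections above describe the same mechanism: a signature value is stored and then written into page HTML without output encoding. The following Python is an added illustration, not code from the WP Post Signature plugin or from OpenCVE. It contrasts the vulnerable rendering pattern with encode-on-output, and adds a triage check a site owner can run over exported signature values after upgrading, to find entries that were already compromised. The storage layout, post IDs and signature strings are constructed for the example; the real plugin's storage key is not given in the advisory.

```python
import html
import re
from typing import Dict, List

# Constructed sample of stored signature values keyed by post ID.
# Hypothetical layout: the plugin's actual post-meta key is not stated in the advisory.
STORED_SIGNATURES: Dict[int, str] = {
    101: "Best regards, Alice",
    102: "Thanks! <script>alert(document.cookie)</script>",
    103: '<img src=x onerror="alert(1)">',
    104: "Cheers -- Bob <b>Editor</b>",
}

WRAPPER_OPEN = '<div class="post-signature">'
WRAPPER_CLOSE = "</div>"


def render_signature_unsafe(signature: str) -> str:
    """The vulnerable pattern: the stored value is concatenated into page HTML as-is."""
    return WRAPPER_OPEN + signature + WRAPPER_CLOSE


def render_signature_safe(signature: str) -> str:
    """Encode at page-generation time (the equivalent of WordPress esc_html()).

    Angle brackets, quotes and ampersands become entities, so a stored
    <script> or event handler is displayed as text rather than parsed as markup.
    """
    return WRAPPER_OPEN + html.escape(signature, quote=True) + WRAPPER_CLOSE


def has_injected_tag(rendered: str) -> bool:
    """True if the rendered output contains any raw HTML tag inside the wrapper.

    A signature is meant to be plain text, so any tag that survives rendering
    means the value reached the page without encoding.
    """
    if not (rendered.startswith(WRAPPER_OPEN) and rendered.endswith(WRAPPER_CLOSE)):
        raise ValueError("unexpected wrapper markup")
    body = rendered[len(WRAPPER_OPEN):-len(WRAPPER_CLOSE)]
    return re.search(r"<[A-Za-z]", body) is not None


# Heuristic markers of active content in a field that should hold plain text:
# a script tag, an inline event handler attribute, or a javascript: URL scheme.
ACTIVE_CONTENT = re.compile(r"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def find_suspicious_signatures(store: Dict[int, str]) -> List[int]:
    """Return post IDs whose stored signature carries active-content markers.

    Intended for post-upgrade triage: encoding on output stops future execution,
    but values injected before the fix are still in the database.
    """
    return sorted(pid for pid, sig in store.items() if ACTIVE_CONTENT.search(sig))


if __name__ == "__main__":
    for pid in find_suspicious_signatures(STORED_SIGNATURES):
        print(f"post {pid}: suspicious stored signature, review and clean")
    sample = STORED_SIGNATURES[102]
    print("unsafe render executes script:", has_injected_tag(render_signature_unsafe(sample)))
    print("safe render executes script:  ", has_injected_tag(render_signature_safe(sample)))
```

The triage regex is deliberately coarse and will flag benign text containing, for example, a word ending in "on" followed by "=", so treat its output as a review list rather than a verdict. Encoding on output is the fix that matters; input filtering alone is easy to bypass and leaves already-stored values untouched.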
OpenCVE Enrichment