Impact
The description reports improper neutralization of input during web page generation, which results in a DOM‑based Cross‑Site Scripting (XSS) flaw in the WordPress plugin Google AdSense for Responsive Design – GARD. When user input is processed and rendered without proper sanitization, an attacker can inject malicious JavaScript that executes in the victim’s browser, enabling theft of cookies or session data, or defacement of the site. The weakness is a classic input validation flaw, identified as CWE‑79.
Affected Systems
The affected product is the WordPress plugin Google AdSense for Responsive Design – GARD from The Plugin Factory. Every deployment using any version from the earliest released build up through version 2.23 is vulnerable. No other products are listed. The plugin is commonly installed on WordPress sites that use Google AdSense ads.
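A version check for the affected range above, as an added example that is not part of the advisory or the plugin's code: it reads WordPress plugin file headers and flags copies at or below 2.23, comparing versions numerically so that 2.9 is not mistaken for a release newer than 2.23. The `NAME_HINT` match string, the helper names and the sample header are assumptions constructed for illustration.

```python
import re
from pathlib import Path

LAST_AFFECTED = "2.23"  # last affected version, taken from the advisory text
NAME_HINT = "gard"      # assumption: the "Plugin Name" header contains this string

# Matches "Plugin Name:" / "Version:" lines inside the PHP header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.M | re.I)

def parse_header(php_source):
    """Return the 'plugin name' and 'version' fields of a plugin file header."""
    fields = {}
    # WordPress itself only reads the first 8 KiB of a file for header data.
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_key(version):
    """Turn '2.23' into (2, 23); trailing zeros are dropped so 2.23.0 == 2.23."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(php_source):
    """True if the header names the plugin and its version is <= LAST_AFFECTED."""
    header = parse_header(php_source)
    if NAME_HINT not in header.get("plugin name", "").lower() or "version" not in header:
        return False
    return version_key(header["version"]) <= version_key(LAST_AFFECTED)

def scan(plugins_dir):
    """Yield (path, version) for affected plugin files under wp-content/plugins."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        src = php.read_text(errors="replace")
        if is_affected(src):
            yield php, parse_header(src)["version"]

# Constructed sample header, not copied from the real plugin.
SAMPLE = """<?php
/*
 * Plugin Name: Google AdSense for Responsive Design - GARD
 * Version: 2.9
 */
"""

if __name__ == "__main__":
    print(is_affected(SAMPLE))
```

Pass the site's `wp-content/plugins` directory to `scan()` to list matching installs; a float or string comparison of the same versions would rank 2.9 above 2.23 and miss it.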
Risk and Exploitability
The CVSS score is 5.9, indicating moderate severity, and the EPSS score is below 1%, which suggests a low probability of widespread exploitation at present. The vulnerability is not in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is a user‑controlled field in the plugin’s admin panel or shortcodes that are rendered in the browser; an attacker would need to entice site visitors or compromise an authenticated admin to insert the payload. Because the flaw is DOM‑based, the attacker must be able to influence the generated HTML that the victim’s browser receives.