Impact
Based on the CVE description, the WowAddons plugin versions 1.6.14 and earlier contain an unauthenticated Cross-Site Scripting (XSS) vulnerability. Attackers can inject malicious scripts through input that the plugin processes, allowing arbitrary client-side code execution in the context of a site visitor. The vulnerability is classified as CWE-79. The overall impact depends on the execution context but may compromise confidentiality, integrity or availability as perceived by users.
Affected Systems
WordPress sites using the WowAddons plugin version 1.6.14 or earlier, distributed by WPXPO:WowAddons, are affected. Any installation that has not been updated to 1.6.15 or later remains vulnerable.
Risk and Exploitability
With a CVSS score of 7.1, this vulnerability is rated moderate-to-high severity. The CVE indicates that no authentication is required, but the exact attack surface is not detailed. It is inferred that the likely attack vector involves supplying crafted input via a plugin-provided field or URL that the plugin processes. No EPSS score is available, so the probability of exploitation is unknown. The vulnerability is not listed in CISA’s KEV catalogue, suggesting no widespread known exploitation at present.