Impact
The vulnerability allows a contributor to inject arbitrary JavaScript through the Structured Content plugin, resulting in cross-site scripting (XSS). When the injected script executes in a user’s browser, it can steal session cookies, deface the site, or redirect users to malicious domains. The flaw arises from inadequate input validation of contributor content and is identified as CWE‑79.
Affected Systems
WordPress sites running the Structured Content plugin version 1.7.0 or earlier are affected. The known vendor is Gordon Böhme, and the product name is Structured Content. No further version details are supplied beyond the 1.7.0 cutoff.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. EPSS is not available, so the likelihood of exploitation cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is a crafted post or other piece of content submitted by a contributor-role account that the site trusts, since the vulnerability is labeled "Contributor Cross Site Scripting."