Vulnerabilities like this one are used in mass-exploit campaigns. Attackers use these to attack thousands of websites at a time, regardless of traffic size or popularity.
As immediate action, update the affected plugin. If you're unable to do so, ask your hosting provider or web developer for help.
An XXE attack could allow a malicious actor to inject arbitrary XML, which could lead to leakage of sensitive information, denial of service, and server-side request forgery.
The CVSS score is a standardized, repeatable way to evaluate and rank reported vulnerabilities, but it is not ideal for WordPress.
This security issue has a low severity impact and is unlikely to be exploited.
Update to version 2.3.11 or later to resolve the vulnerability. Patchstack users can turn on auto-update for vulnerable plugins only.