EPSS: 0.001 (Low), Percentile: 32.8%
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
wordpress.org/plugins/admin-menu/
zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/