0.001 Low
EPSS
Percentile
38.1%
The vulnerability exists in includes/options-profiles.php. It allows remote administrator to inject arbitrary web script or HTML via the Profile name field.
Update the plugin.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6535