0.003 Low
EPSS
Percentile
69.2%
Because of this vulnerability, an attacker can inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.
Update to version 2.2.11.