6.1CVSS
6.4AI Score
0.001EPSS
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Inj...
8.8CVSS
8.6AI Score
0.001EPSS