0.001 Low
EPSS
Percentile
24.8%
The plugin does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks
[mlcalc schedule="month';alert(/XSS/)//"]