0.001 Low
EPSS
Percentile
50.5%
An unauthenticated user could put XSS payload in their billing details when subscribing, which will then be executed in the admin dashboard when moused over.
www.precursorsecurity.com/blog/woocommerce-subscriptions-persistent-xss-cve-2019-18834