5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Description The plugin does not sanitize and escape some of its settings, which could allow contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.