0.0005 Low
EPSS
Percentile
18.3%
The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.
patchstack.com/database/vulnerability/loginizer/wordpress-loginizer-plugin-1-7-5-unauth-reflected-cross-site-scripting-xss-vulnerability