0.001 Low
EPSS
Percentile
42.7%
The plugin does not sanitise and escape some parameters, and is missing proper authorisation, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks