EPSS
Percentile
52.8%
Any page that causes a 404 or 302 response, will be output within the Redirect Log page without any validation or output encoding, including the URL querystring, which could contain an XSS payload.
www.logicallysecure.com/blog/ls-team-discovers-xss-in-wordpress-plugin/