EPSS Percentile: 33.5%
The plugin does not sanitise and escape filenames before outputting them back in the order confirmation page, leading to Reflected Cross-Site Scripting.