EPSS
Percentile
17.7%
The plugin does not sanitise and escape the w4pl[no_items_text] parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks