0.001 Low
EPSS
Percentile
29.0%
The plugin does not sanitise and escape the question[id] parameter, which could allow unauthenticated users to perform iFrame injection attack