EPSS
Percentile
32.1%
The plugin does not sanitise and escape some parameters, allowing an attacker to trick a visitor to send a request with XSS payloads that will trigger when they visit the site.