EPSS
Percentile
40.2%
The plugin does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
https://example.com/wp-admin/admin.php?page=circle_thumbnail_slider_with_lightbox_image_managementℴ_pos=