EPSS
Percentile
18.4%
The plugin does not sanitize and escape a parameter before outputting it back in the page, allowing an unauthenticated attacker to inject web scripts that will execute when a visitor follows a crafted link to the page.