EPSS: 0.001 (Low), Percentile: 20.9%
The plugin does not have a CSRF check in place when creating a source, and does not sanitise or escape the title, which could allow attackers to make a logged-in user create an arbitrary source with an XSS payload in it.
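The two controls the description says are missing, as an added sketch in Python that is not the plugin's own code: a session-bound CSRF token checked before a source is created, and the title sanitised on input and escaped on output. The names `create_source`, `csrf_token`, `SOURCES` and the sample titles are assumptions constructed for illustration.

```python
import hashlib
import hmac
import html
import re
import secrets

SECRET_KEY = secrets.token_bytes(32)  # per-deployment secret (assumed)
SOURCES = []                          # stand-in for the plugin's storage (assumed)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the user's session; embedded in the legitimate form."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def sanitise_title(raw: str) -> str:
    """Input-side cleanup: drop complete tags and control characters, cap length."""
    no_tags = re.sub(r"<[^>]*>", "", raw)
    no_ctrl = re.sub(r"[\x00-\x1f\x7f]", "", no_tags)
    return no_ctrl.strip()[:200]


def create_source(session_id: str, form: dict) -> bool:
    """Create a source only if the request carries this session's token."""
    expected = issue_csrf_token(session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return False  # a cross-site request cannot know the token
    SOURCES.append({"title": sanitise_title(str(form.get("title", "")))})
    return True


def render_source(source: dict) -> str:
    """Output-side escaping, applied even though the title was sanitised."""
    return "<li>" + html.escape(source["title"], quote=True) + "</li>"


if __name__ == "__main__":
    sid = "session-abc"  # constructed sample session id
    token = issue_csrf_token(sid)
    # Constructed sample requests: one without a token, one legitimate.
    print(create_source(sid, {"title": "Forged"}))
    print(create_source(sid, {"title": '"><img src=x>', "csrf_token": token}))
    print([render_source(s) for s in SOURCES])
```

Sanitising and escaping are both kept because the tag-stripping pass leaves an unterminated tag untouched; escaping at render time is what neutralises it.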