EPSS
Percentile
21.8%
The plugin allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized
/wp-admin/admin.php?page=settings-wisw&token;_error=
purinechu.github.io/posts/social_slider_widget_reflected_xss/