EPSS
Percentile
26.2%
The plugin does not sanitise and escape the ycd_type parameter before outputting back in a page, leading to a Reflected Cross-Site Scripting