EPSS
Percentile
18.4%
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.
patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-2-8-6-reflected-cross-site-scripting-xss
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/eventprime-event-calendar-management/eventprime-286-reflected-cross-site-scripting