EPSS
Percentile
33.8%
An unauthenticated user can inject arbitrary persistent javascript code in the admin panel via Bookly plug-in.
www.gubello.me/blog/bookly-blind-stored-xss/