0.001 Low
EPSS
Percentile
19.5%
The plugin does not sanitise and escape the widget-wpp[2][post_type] parameter before outputting it in the page, which could lead to a Stored Cross-Site Scripting issue