EPSS
Percentile
17.0%
Description The plugin does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
patchstack.com/database/vulnerability/additional-order-filters-for-woocommerce/wordpress-additional-order-filters-for-woocommerce-plugin-1-10-reflected-cross-site-scripting-xss-vulnerability