EPSS
Percentile
49.8%
The plugin does not sanitise and escape the Biography available on user profile pages, which could allow users to perform Cross-Site Scripting attacks via their profile