EPSS
Percentile
45.2%
The plugin does not properly sanitize and escape user-supplied attributes in its shortcode(s), leading to a Stored Cross-Site Scripting vulnerability.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/powerpress/powerpress-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode