EPSS
Percentile
60.9%
This vulnerability works by using wp_ajax_nopriv_check_stat action. Any user can perform a stored XSS attack.
Upgrade the plugin.
www.exploit-db.com/exploits/37132/