EPSS
Percentile
24.8%
The plugin does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
[wonderplugin_pdf src="a" onload="alert(1)"]