EPSS
Percentile
36.5%
The plugin does not properly sanitise and escape the id and form_id parameters before using them in a SQL statement, leading to a SQL injection exploitable by unauthenticated users