EPSS
Percentile
40.5%
The plugin does not properly escape the profile display name, leading to stored Cross-Site Scripting vulnerabilities.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/show-posts/weaver-show-posts-16-authenticatedcontributor-stored-cross-site-scripting-via-display-name