EPSS: 0.001 (Low), percentile 40.2%
The plugin does not escape the lang and pid parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.
https://example.com/wp-admin/admin.php?sib_page_form&action=edit&id=1&pid=xxxxx"+accesskey%3DX+onclick%3Dalert(1)+test%3D"
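The escaping failure described above, shown beside a hardened form. This is an added example, not the plugin's code: the function names, the hidden-input markup and the assumed format of lang are hypothetical, and plain-PHP htmlspecialchars() stands in for WordPress's esc_attr() so the block runs outside WordPress.

```php
<?php
// Added example: hypothetical rendering code, not taken from the plugin.

// Pattern the advisory describes: a request parameter is concatenated
// into a double-quoted attribute value without escaping.
function render_hidden_unsafe(string $name, string $value): string {
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

// Escape for the HTML attribute context. ENT_QUOTES encodes both " and ',
// so the value cannot close the attribute it is written into.
// Inside WordPress, esc_attr() is the function to call here.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: escape at output time, every time.
function render_hidden_safe(string $name, string $value): string {
    return '<input type="hidden" name="' . attr($name)
         . '" value="' . attr($value) . '">';
}

// Defence in depth for lang: accept only a locale-shaped token
// (assumed format such as "en" or "pt_BR"), otherwise fall back to empty.
function clean_lang(string $lang): string {
    return preg_match('/^[A-Za-z]{2,3}([_-][A-Za-z]{2,4})?$/', $lang) ? $lang : '';
}

// The pid value from the URL on this page, decoded as the server sees it.
$pid  = urldecode('xxxxx"+accesskey%3DX+onclick%3Dalert(1)+test%3D"');
$lang = $pid; // same value reused to exercise the lang path

echo "unsafe pid : ", render_hidden_unsafe('pid', $pid), "\n";
echo "safe pid   : ", render_hidden_safe('pid', $pid), "\n";
echo "safe lang  : ", render_hidden_safe('lang', clean_lang($lang)), "\n";
echo "valid lang : ", render_hidden_safe('lang', clean_lang('pt_BR')), "\n";
```

In the unsafe line the quote in the parameter ends the value attribute and the rest is parsed as extra attributes; in the safe lines it is emitted as an entity and stays inside the value.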