EPSS
Percentile
35.4%
The plugin does not escape the $_SERVER[βREQUEST_URIβ] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers