EPSS
Percentile
28.7%
The plugin does not sanitise and escape the question[id] parameter, which could allow unauthenticated users to perform iFrame injection attack