0.001 Low
EPSS
Percentile
19.5%
The plugin does not sanitise and escape the postitem parameter when modifying profile signatures, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks