EPSS Percentile: 53.1%
The plugin does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue.
https://example.com/wp-admin/admin.php?page=pr_new_registration_form&show_dash_widget=1&invitaion_code=PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4=
plugins.trac.wordpress.org/changeset/2507536/
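The invitaion_code value in the PoC is base64, so a filter that only looks for literal markup in the query string will not see it. The following is an added detection example, not code from the plugin or the advisory: it decodes the parameter before checking requests to the affected page. The markup-character heuristic, the function names and the second and third sample requests are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Page and parameter names come from the advisory's PoC URL.
PAGE = "pr_new_registration_form"
PARAM = "invitaion_code"
# Assumed heuristic: an invitation code has no reason to contain these.
MARKUP = re.compile(r"[<>\"']")

# Constructed request URLs; the first is the advisory's PoC.
BASE = "https://example.com/wp-admin/admin.php?page="
SAMPLE_REQUESTS = [
    BASE + PAGE + "&show_dash_widget=1&invitaion_code=PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4=",
    BASE + PAGE + "&show_dash_widget=1&invitaion_code=QUJDMTIz",
    BASE + "other_page&invitaion_code=PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4=",
]


def decode_b64(value):
    """Return base64-decoded text, or None when value is not valid base64."""
    value = value.replace(" ", "+")  # parse_qs turns '+' into a space
    try:
        padded = value + "=" * (-len(value) % 4)
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", "replace")


def suspicious(url):
    """True when a request to the affected page carries markup in the code."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if PAGE not in query.get("page", []):
        return False
    for raw in query.get(PARAM, []):
        decoded = decode_b64(raw)
        if MARKUP.search(raw) or (decoded and MARKUP.search(decoded)):
            return True
    return False


if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        print("ALERT" if suspicious(url) else "ok   ", url)
```

Short non-base64 codes can occasionally decode to bytes that match the heuristic, so treat a hit as a lead for review rather than a verdict.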