The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site ScriptingCreditsp7e4Referenceshttps://wpscan.com/vulnerability/dc5eace4-542f-47e9-b870-a6aae6a38b0f
