There was a recent claim of a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin H5P CSS Editor credited to have been discovered by p7e4, which is described by Wordfence this way:

…

[Read more]