EPSS: 0.001 (Low), percentile 21.2%
The plugin does not have authorisation and CSRF checks when resetting its settings, which could allow any authenticated user, such as a subscriber, to perform this action.
https://example.com/wp-admin/admin-ajax.php?action=ddlay_restore_defaults
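
The two checks the advisory says are missing, shown as an added example of a hardened handler for the `ddlay_restore_defaults` AJAX action; this is not the plugin's own code. The handler name, nonce action, option name and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. Only the AJAX action name comes from
// the advisory; every other identifier below is hypothetical.

const DDLAY_RESET_NONCE = 'ddlay_restore_defaults_nonce'; // hypothetical nonce action

// Registered for logged-in users only: there is no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_ddlay_restore_defaults', 'ddlay_example_restore_defaults' );

function ddlay_example_restore_defaults() {
    // State-changing action: refuse GET so a bare link cannot trigger the reset.
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_send_json_error( 'POST required', 405 );
    }

    // CSRF check: the request must carry a nonce minted for this action and user.
    // With the third argument false, the function returns false instead of dying.
    if ( ! check_ajax_referer( DDLAY_RESET_NONCE, '_ajax_nonce', false ) ) {
        wp_send_json_error( 'Invalid or missing nonce', 403 );
    }

    // Authorisation check: a valid nonce shows intent, not privilege.
    // Assumption: resetting settings is an administrator-level operation.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }

    delete_option( 'ddlay_example_settings' ); // hypothetical option name
    wp_send_json_success( 'Settings restored to defaults' );
}

// On the settings page, hand the nonce only to users allowed to reset.
function ddlay_example_nonce_for_settings_page() {
    return current_user_can( 'manage_options' )
        ? wp_create_nonce( DDLAY_RESET_NONCE )
        : '';
}
```

Both checks are needed together: the nonce alone would still let a subscriber who obtains one reset the settings, and the capability check alone would still let a forged request succeed in an administrator's session.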