0.001 Low
EPSS
Percentile
26.3%
The plugin does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.
Allows import of any images with any user level.