0.001 Low
EPSS
Percentile
27.7%
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.