0.001 Low
EPSS
Percentile
26.4%
The plugin does not validate uploaded attachment files, which could allow unauthenticated users to upload malicious SVG and lead to Cross-Site Scripting