EPSS
Percentile
20.9%
The plugin does not have CSRF in place when updating the API key, allowing attackers to make a logged in admin perform such action via a CSRF attack