EPSS
Percentile
23.6%
The plugin does not have CSRF checks when deleting affiliate records, which could allow attackers to make logged in admins to delete arbitrary record via a CSRF attack