0.001 Low
EPSS
Percentile
24.2%
The plugin does not have CSRF checks in the imlt_create_admin function, which could allow attackers to make logged in Admin users create new attacker-controlled Admin accounts via CSRF