0.001 Low
EPSS
Percentile
26.3%
The plugin does not implement CSRF checks, which could allow attackers to make a logged in admin change any user’s username includes the admin