EPSS
Percentile
64.8%
The plugin did not have any CSRF in place when saving its options, which could allow attacker to make a logged in administrator change them. Due to the lack of sanitisation in some of them, Stored XSS could also be achieved
jvn.jp/en/jp/JVN42880365/