0.001 Low
EPSS
Percentile
20.9%
The plugin does not have CSRF check in some places, and does not sanitise as well as escape parameters, which could allow attackers to make logged in users put Stored XSS payloads via CSRF attacks