EPSS
Percentile
21.4%
The plugin does not have CSRF check when duplicating posts (which will be duplicated as drafts), which could allow attackers to make logged in admin perform such action via a CSRF attack and fill up the post table