EPSS: 0.001 Low
Percentile: 30.0%
The plugin does not have a CSRF check in place when inserting payment notes, which could allow attackers to make a logged-in admin insert arbitrary notes via a CSRF attack.
plugins.trac.wordpress.org/changeset/2697388