EPSS: 0.001 (Low)
Percentile: 39.6%
The plugin does not have a CSRF check when updating its settings, and it is also missing sanitisation and escaping in some of them. This could allow attackers to make a logged-in admin update the settings and store Cross-Site Scripting payloads in them.