EPSS
Percentile
57.0%
The plugin does not validate a parameter, which could lead to PHAR deserialisation when an attacker manage to upload a malicious file crafted with a suitable gadget chain and having a logged in admin open a malicious link