EPSS percentile: 25.9%
The plugin does not have CSRF checks in various actions, which could allow attackers to make a logged-in admin delete the plugin’s data, update the settings, add new entries and more via CSRF attacks.