EPSS Percentile: 17.0%
The plugin does not have a CSRF check in place when updating its settings, and lacks sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload to them.
packetstormsecurity.com/files/166824/