EPSS
Percentile
35.2%
The plugin did not enforce new-password requirements for existing accounts until the second login occurred, which could leave an account configured with a potentially weak password until the user changes it