0.032 Low
EPSS
Percentile
91.3%
The plugin does not validate the dl parameter which could allow unauthenticated users to download arbitrary files from the server, as well as perform SSRF attacks