EPSS
Percentile
75.6%
The plugin does not validate the fts_url parameter, which could lead to PHAR deserialisation when an attacker manage to upload a malicious file and a suitable gadget chain is present