0.001 Low
EPSS
Percentile
19.6%
The plugin does not have authorisation and CSRF checks in some of its AJAX actions, which could allow any authenticated users, such as subscriber to create arbitrary brands