EPSS
Percentile
48.7%
The plugin does properly check for the access token in its REST API endpoints, which could allow unauthenticated attackers to call them and download arbitrary files