0.001 Low
EPSS
Percentile
24.3%
The plugin does not have CSRF checks when updating the merchant ID details, which could allow attackers to make logged in users update them via a CSRF attack.