EPSS Percentile: 43.6%
The plugin lacked CSRF nonces, which could allow attackers to make logged-in administrators perform unwanted actions, such as changing the plugin's settings, via a CSRF attack.
plugins.trac.wordpress.org/changeset/2454670/