EPSS
Percentile
82.6%
The plugin does not have CSRF checks in the gmace_manager_server() function, which could allow attackers to make logged in admins create, delete and update arbitrary files via a CSRF attack