0.001 Low
EPSS
Percentile
43.0%
The plugin does not validate the url parameter passed to the v1/hotlink/proxy REST endpoint, allowing any authenticated users to perform SSRF attacks