EPSS
Percentile
31.8%
The plugin does not have CSRF check when updating its settings, allowing attackers to make logged in admin update them via a CSRF attack