EPSS
Percentile
33.5%
The plugin has guessable booking IDs, which could allow attackers to retrieve booking data via an IDOR in the search request