EPSS
Percentile
45.8%
The plugin does not properly protect its file_uploader_callback function with capability checks, which makes it possible for attackers with a low-privilege account, like subscribers, to upload image attachments to the site.