EPSS
Percentile
59.0%
The plugin does not have authorisation in the wcfm_ajax_controller AJAX action, allowing unauthenticated attackers to change membership registration form and set the default role to administrator