EPSS percentile: 70.0%
The plugin does not have CSRF checks in various AJAX actions, allowing attackers to make logged-in admins call them and modify membership details, renewal information, etc. via CSRF attacks.