EPSS
Percentile
51.8%
The plugin does not implement nonce checks, which could allow attackers to make a logged-in admin send test emails with arbitrary content to users.