EPSS Percentile: 40.4%
The plugin is missing capability and CSRF checks in various AJAX functions that are available to any authenticated user, which could allow users with a role as low as subscriber to update arbitrary settings and modify reviews.