0.001 Low
EPSS
Percentile
19.4%
The plugin is lacking authorisation, CSRF and sanitisation in its AJAX actions available to any authenticated users, which could allow any logged in user to change the plugin’s settings and perform XSS attacks