EPSS percentile: 69.0%
The plugin is missing a CSRF check when updating its settings, which could allow an attacker to make a logged-in admin change them, as well as put XSS payloads in them due to the lack of sanitisation and escaping.
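The pattern described above next to a hardened settings handler, as an added example that is not the affected plugin's code. The option, action, field and page names (`demo_label`, `demo_save_settings`, `demo_nonce`, `demo-settings`) are hypothetical, and the code assumes it is loaded as a plugin file inside WordPress.

```php
<?php
// Hypothetical plugin code for illustration; every demo_* name is an
// assumption and is not taken from the affected plugin.

// BEFORE: the pattern the advisory describes. No nonce is verified, and the
// submitted value is stored and later printed as-is.
function demo_save_settings_vulnerable() {
    if ( isset( $_POST['demo_label'] ) ) {
        update_option( 'demo_label', $_POST['demo_label'] ); // unsanitised
    }
}
function demo_render_field_vulnerable() {
    echo '<input name="demo_label" value="' . get_option( 'demo_label' ) . '">'; // unescaped
}

// AFTER: capability check, nonce check, sanitise on input, escape on output.
add_action( 'admin_post_demo_save_settings', 'demo_save_settings' );
function demo_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Dies unless the request carries a valid nonce for this action and user,
    // so a forged cross-site form post is rejected.
    check_admin_referer( 'demo_save_settings', 'demo_nonce' );

    $label = isset( $_POST['demo_label'] )
        ? sanitize_text_field( wp_unslash( $_POST['demo_label'] ) )
        : '';
    update_option( 'demo_label', $label );

    wp_safe_redirect( admin_url( 'options-general.php?page=demo-settings' ) );
    exit;
}

function demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_settings">
        <?php wp_nonce_field( 'demo_save_settings', 'demo_nonce' ); ?>
        <input name="demo_label" value="<?php echo esc_attr( get_option( 'demo_label', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce check closes the CSRF path, while sanitising on save and escaping on output each independently stop a stored value from being rendered as markup.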