EPSS
Percentile
20.8%
The plugin does not have CSRF check in place when deleting the custom post type (CPT), allowing attackers to make a logged in admin do such action via a CSRF attack