EPSS
Percentile
57.7%
The plugin does not validate a parameter, which could allow high privilege users such as admin to perform PHAR deserialisation when a suitable gadget chain is also present