EPSS
Percentile
34.8%
The plugin does not have CSRF check when enabling low privilege users (such as subscriber) the ability to execute PHP code, which could allow attackers to make logged in admins enable such option via a SCRF attack