EPSS
Percentile
27.4%
The plugin is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values.