EPSS
Percentile
34.8%
The plugin does not validate some user input used to generate paths, which could allow high privilege users such as admin to delete arbitrary files (even when they should not be able to, for example in multisite) via a traversal attack