EPSS
Percentile
45.1%
The plugin does not have authorisation in various AJAX actions, allowing unauthenticated attackers to call them and modify membership details/renewal information etc