EPSS
Percentile
21.6%
The plugin does not have CSRF check in place when activating installed plugins, which could allow an attacker to make a logged in admin perform such action via a CSRF attack