7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.8%
Description The plugin does not have CSRF check in its wpp_save_settings() function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF