EPSS
Percentile
28.3%
The plugin does not properly validate and verify user requests use nonces, making it susceptible to Cross-Site Request Forgery (CSRF) attacks.
patchstack.com/database/vulnerability/download-theme/wordpress-download-theme-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability