EPSS
Percentile
51.8%
The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change its own user role to customer.