EPSS
Percentile
19.4%
The plugin does not have authorisation and CSRF checks in some of its AJAX actions, which could allow any authenticated users, such as subscriber to create arbitrary brands