AI Score
Confidence
High
EPSS
Percentile
38.8%
Description The plugin does not have CSRF check when updating invoices, which could allow attackers to make logged in admin perform such action via a CSRF attack