EPSS
Percentile
22.3%
The plugin does not have CSRF checks when creating, updating and deleting contacts, which could allow attackers to make logged in users perform such actions via CSRF attacks