EPSS
Percentile
26.1%
The plugin does not have authorisation check when activating plugins via an action hooked to init(), which could allow unauthenticated attackers to deactivate arbitrary plugins from the blog